What Is GPT-5.5-Cyber?
GPT-5.5-Cyber is a cybersecurity-specific variant of GPT-5.5, OpenAI's flagship model released on April 24, 2026. On April 30, 2026, Sam Altman announced on X that OpenAI is beginning rollout of GPT-5.5-Cyber to "critical cyber defenders" within days, with plans to work with both industry and government to establish trusted access pathways.
The model is purpose-built for defensive security work. It carries fewer usage restrictions than the standard GPT-5.5 release for verified users, is designed to reduce the refusals that previously frustrated security researchers using earlier GPT models on dual-use queries, and sits within OpenAI's broader Trusted Access for Cyber (TAC) program.
This is not OpenAI's first cyber-specific model — GPT-5.4-Cyber launched two weeks earlier on April 14, 2026 — but GPT-5.5-Cyber is the most capable version yet, built on the stronger GPT-5.5 base.
What Altman Said
Altman's April 30 post on X laid out three things OpenAI intends to do with GPT-5.5-Cyber:
- Roll out to critical cyber defenders within days
- Work with the entire ecosystem and with government to establish trusted access for cybersecurity use cases
- Rapidly help secure companies and critical infrastructure
The framing is deliberately broad — OpenAI is positioning this as infrastructure-level security tooling, not just an enterprise product. Altman's mention of "the government" signals that federal agencies and national security bodies are part of the intended rollout plan.
What GPT-5.5-Cyber Can Do
OpenAI's system card and release documentation describe GPT-5.5 as performing strongly on coding, computer use, knowledge work, and multi-step reasoning tasks. The cyber-permissive variant extends those capabilities into security-specific workflows with fewer guardrails for vetted users. Specific verified capabilities include:
- Finding and validating proof-of-concept exploits for software vulnerabilities
- Reasoning across complex, multi-step attack and defense scenarios using MITRE ATT&CK-grounded evaluations
- Performing niche cyber tasks that, according to OpenAI's red-teaming results, "most expert cyber operators would not possess"
- Automating discovery of operationally relevant vulnerabilities to reduce bottlenecks in scaling cyber defense
OpenAI's Codex Security agent — a separate product built on these models — has already contributed to over 3,000 critical and high-severity fixed vulnerabilities as of the April 2026 launch period.
One important boundary: GPT-5.5-Cyber does not yet meet OpenAI's threshold for "Critical Capability" — defined as the ability to develop functional zero-day exploits across hardened real-world critical systems without human intervention. That threshold has not been crossed, and OpenAI's Preparedness Framework safeguards are designed to stay ahead of it.
How Access Works: Trusted Access for Cyber (TAC)
Access to GPT-5.5-Cyber is gated through OpenAI's Trusted Access for Cyber program. There are two access tiers:
- General verified defenders: Individual security professionals and teams can apply at chatgpt.com/cyber to reduce refusals on legitimate security work within GPT-5.5. This covers a wide range of vetted defenders.
- Critical infrastructure organizations: Organizations responsible for defending critical infrastructure can apply for access to the full cyber-permissive model (GPT-5.4-Cyber and now GPT-5.5-Cyber) under strict security requirements for internal use only.
OpenAI is scaling the TAC program to thousands of authenticated individual defenders and hundreds of security teams. Initial access is limited to vetted security vendors, researchers, and organizations — broader availability will expand over time as OpenAI reviews and verifies applicants. Onboarding is expected to take time.
The safeguard stack includes real-time automated oversight, classifiers for potential cyber risk, authenticated access controls, and escalation systems for higher-risk content. These controls were stress-tested with external red teams before launch.
How GPT-5.5-Cyber Compares to Anthropic's Mythos
| Feature | GPT-5.5-Cyber (OpenAI) | Mythos Preview (Anthropic) |
|---|
| Access model | TAC program — thousands of defenders | ~40 organizations (controlled preview) |
| Philosophy | Broad access, verified identity controls | Restricted access, controlled rollout |
| Deployment | chatgpt.com/cyber + enterprise | Project Glasswing — invitation only |
| Government access | Explicitly planned | Not publicly confirmed |
| Base model | GPT-5.5 (released April 24, 2026) | Mythos (frontier cybersecurity model) |
OpenAI's cyber researcher Fouad Matin described the philosophy directly: "No one should be in the business of picking winners and losers when it comes to cybersecurity." The approach contrasts with Anthropic's more restrictive Mythos Preview rollout, which limits access to roughly 40 organizations through Project Glasswing.
Why This Matters for Security Teams Right Now
The dual-use problem has always been the central tension in AI cybersecurity models: the same capability that helps a defender find a vulnerability also helps an attacker exploit one. OpenAI's answer with GPT-5.5-Cyber is to shift the control mechanism from capability restriction to identity verification — give defenders more capable tools with fewer refusals, but make sure you know who is using them.
For enterprise security teams, this means two immediate things: first, the friction of earlier GPT models refusing dual-use security queries should decrease for TAC-verified users. Second, the model's ability to reason across multi-step offensive and defensive scenarios could meaningfully accelerate vulnerability research and red-team automation for teams that qualify.
For critical infrastructure operators — energy, water, finance, healthcare — the government-coordination language in Altman's announcement is worth watching. It suggests federal agencies may receive access pathways outside the standard TAC program.
How to Apply for GPT-5.5-Cyber Access
Individual defenders and security teams can apply at chatgpt.com/cyber. OpenAI reviews applicants against trust signals including verified professional identity and organizational affiliation. Organizations responsible for critical infrastructure should apply for the higher-tier access pathway, which requires meeting additional security requirements for use on internal systems.
Expect onboarding to take time — OpenAI has been explicit that verification reviews will not be instant.
FAQ
What is GPT-5.5-Cyber?
GPT-5.5-Cyber is a cybersecurity-specific variant of OpenAI's GPT-5.5 model, announced by Sam Altman on April 30, 2026. It is optimized for defensive security work and available to verified users through OpenAI's Trusted Access for Cyber program with fewer usage restrictions than the standard model.
How is GPT-5.5-Cyber different from GPT-5.5?
GPT-5.5-Cyber is a cyber-permissive variant of the same underlying model. It allows verified defenders to perform dual-use security tasks — vulnerability research, exploit validation, attack simulation — with fewer refusals. The standard GPT-5.5 has stricter classifiers that limit some of these use cases even for legitimate security professionals.
How do I get access to GPT-5.5-Cyber?
Apply at chatgpt.com/cyber. OpenAI verifies applicants based on professional trust signals. Organizations defending critical infrastructure can apply for a higher-tier access pathway subject to stricter security requirements.
Can GPT-5.5-Cyber create zero-day exploits?
No. OpenAI's system card confirms that GPT-5.5-Cyber does not meet the threshold for developing functional zero-day exploits across hardened real-world critical systems without human intervention. That is OpenAI's defined "Critical Capability" threshold, and it has not been reached.
How does this compare to Anthropic's Mythos?
Both are frontier cybersecurity AI models, but their rollout philosophies differ significantly. OpenAI is scaling access to thousands of defenders through a verified identity program. Anthropic's Mythos Preview is limited to approximately 40 organizations through Project Glasswing. OpenAI is explicitly including government access in its roadmap; Anthropic has not publicly confirmed equivalent plans.
Is GPT-5.5-Cyber available through the API?
As of the April 30, 2026 announcement, API availability has not been confirmed for the cyber-permissive variant. The standard GPT-5.5 was expected to reach the API shortly after its April 24 ChatGPT launch. TAC program access is currently the primary pathway for GPT-5.5-Cyber capabilities.