OpenAI began rolling out GPT-5.5-Cyber, its first cybersecurity-tuned frontier model, to vetted defenders on April 29. CEO Sam Altman announced the launch on X, framing it as a few-days rollout to "critical cyber defenders." The move arrives alongside a five-pillar policy paper, "Cybersecurity in the Intelligence Age," and a sharp expansion of the Trusted Access for Cyber program that previously gated only a small slice of researchers.
The strategic message is hard to miss. Anthropic spent April keeping Claude Mythos Preview locked behind a 50-organization consortium called Project Glasswing, citing the model's autonomous vulnerability discovery as too dangerous to ship. OpenAI is going the other way. "We have to democratize our ability to uplift everyone who needs cyber defense and not just reserve it for the Fortune 50," Sasha Baker, OpenAI's head of national security policy, told CNN, which is the kind of framing that lands well in a White House meeting (one she had attended, along with reps from Anthropic, Google, and major banks, the day before the announcement).
The benchmark question
Here's where I want to be careful. Coverage of the announcement keeps citing GPT-5.5's 81.8% score on CyberGym, against Claude Opus 4.7's 73.1%. Those numbers are real, and they come from OpenAI's own evaluations of the base GPT-5.5 model. They are not scores for GPT-5.5-Cyber. OpenAI has published exactly zero technical specifications or independent benchmarks for the Cyber variant itself. The Cyber model is described as a fine-tune with the refusal boundary lowered for legitimate defensive work and additional capabilities like binary reverse engineering, but how that translates into hard numbers, OpenAI has not said yet.
Worth knowing: Anthropic's own published CyberGym number for Opus 4.7 is 73.8%, not 73.1%, with what they call an updated harness designed to "better elicit cyber capability." Less than a point of difference, but that's the thing about self-reported frontier benchmarks. The methodology gap is doing more work than the score gap.
What's actually changing in TAC
This part is concrete. The Trusted Access for Cyber program, launched quietly in February and scaled up on April 14 with the GPT-5.4-Cyber variant, is now opening to vetted government users at federal, state, and local levels, financial sector institutions, and (this is the new piece) smaller hospitals, school districts, water utilities, and municipalities reached through MSSPs and CISA-supported intermediaries.
That last category matters. Local water utilities and rural hospitals are the soft underbelly of US critical infrastructure. They have no security budget and are already being ransomwared into oblivion. Whether handing them lightly-supervised access to a frontier model via a contracted security provider actually helps, or just adds a new attack surface, is the question I would want answered before celebrating.
Baker's framing suggests OpenAI knows this is the trade. "We don't, as a company, believe that we should be the sole determinants of who gets access to our tools," she said. The kicker: the company plans to "take some guidance from the White House about where they want to drive this."
So: government-shaped access policy, with OpenAI providing the model. Got it.
A "High" rating, not "Critical"
Under OpenAI's Preparedness Framework, GPT-5.5 sits at "High" for cybersecurity capability, the same tier as GPT-5.4. "Critical" is the threshold at which OpenAI says it would impose much harder limits, including the ability to develop zero-day exploits autonomously without human intervention. The full breakdown lives in the system card.
The UK AI Security Institute, which got pre-release access, called GPT-5.5 the strongest model it has tested on narrow cyber tasks, with a pass@5 of 90.5%. They also found a universal jailbreak for the cyber safeguards in roughly six hours of expert red-teaming. Both can be true. Both probably are.
The gap between "we evaluated this model and it's strong" and "we cannot prevent a determined user from removing the guardrails in an afternoon" is precisely the gap that TAC is supposed to plug, by replacing prompt-level refusals with identity-gated access. Whether that holds up under adversarial scrutiny is a question that gets answered in production, not in a system card.
What to watch
OpenAI has not committed to a date for technical disclosure on GPT-5.5-Cyber, and Altman's "next few days" timeline for rollout means the first non-OpenAI assessments should land in May. The Bank of England governor publicly warned earlier this month that Mythos may have "cracked the whole cyber-risk world open"; if GPT-5.5-Cyber is in that ballpark, regulators on both sides of the Atlantic are going to want numbers, not pillars.
The European Commission has reportedly already met with Anthropic at least three times about Mythos. OpenAI's open-the-doors approach gives Brussels a different test case to react to. It will.
