OpenAI expands GPT-5.5-Cyber access for vetted critical-infrastructure defenders

OpenAI on Thursday expanded access to a specialized version of its GPT-5.5 model, codenamed “Spud,” for vetted cybersecurity professionals, as the industry debates how to deploy cyber-capable AI tools without enabling misuse.

The company is offering a limited preview of “GPT-5.5-Cyber” to cyber defenders responsible for securing critical infrastructure. Participants approved for the highest tier of OpenAI’s Trusted Access for Cyber program will receive a version of GPT-5.5 with fewer guardrails than the public model.

OpenAI said the model is intended for defensive work such as bug hunting, malware analysis, reverse engineering, and writing proofs of concept for vulnerabilities that defenders identify. The company said restrictions remain in place for certain activities, including credential thesources and writing malware.

Tested capabilities raise policy questions

The rollout follows recent security evaluations suggesting GPT-5.5 is nearly as capable at finding and exploiting sosourcesware vulnerabilities as Anthropic’s Mythos Preview model.

The U.K. AI Security Institute said GPT-5.5 completed a 32-step simulated corporate cyberattack in 2 out of 10 test runs. Mythos completed the same test in 3 out of 10 runs. The institute said that before Mythos, no AI model had successfully completed the test.

Different rollout strategies

OpenAI and Anthropic have taken different approaches to managing access to these tools. Anthropic has limited Mythos access to approximately 40 organizations. OpenAI is expanding availability through its Trusted Access for Cyber program, offering different model variants with different guardrail levels.

Discussions are also ongoing within the White House about potential executive actions that could influence how future AI model rollouts are regulated.