OpenAI Deploys GPT-5.5-Cyber to Vetted Security Teams
OpenAI rolled out GPT-5.5-Cyber on May 7 in limited preview to approved defenders at critical-infrastructure operators, enabling unconstrained red-teaming and exploit validation.

OpenAI began distributing GPT-5.5-Cyber — a version of its most capable model with deliberately relaxed safety constraints — to a vetted cohort of professional security researchers and critical-infrastructure defenders on May 7, marking the most direct engagement yet between a frontier AI lab and the offensive security community.
What GPT-5.5-Cyber Does Differently
The standard GPT-5.5 model, released two weeks prior, already represents a meaningful capability improvement over its predecessors. The cyber-specific variant takes the same underlying model and adjusts its constraint profile: tasks that the public API refuses — such as writing proof-of-concept exploit code, generating malware for analysis purposes, or scripting multi-stage penetration tests — are permitted for approved users operating within defined authorized workflows.
OpenAI was explicit about the design intent: the model supports vulnerability identification and triage, proof-of-concept writing for bugs defenders have already found, patch validation, malware reverse engineering, and authorized red-team simulations. It remains blocked from credential theft, offensive malware development targeting live systems, and any capability that would contribute to real-world harm rather than controlled research.
The company's own framing was carefully calibrated. "The initial preview of cyber-permissive models like GPT-5.5-Cyber is not intended to significantly increase cyber capability beyond GPT-5.5," OpenAI stated — an acknowledgement that the distinction between general and specialized versions is currently more about access control and permissioning than raw capability uplift.
Independent Evaluation Results
Britain's AI Safety Institute published an evaluation of GPT-5.5 that provides important context for interpreting what the cyber-permissive variant may enable. In controlled benchmarks, GPT-5.5 achieved a 71.4 percent pass rate on expert-level cybersecurity tasks. More strikingly, the model solved a reverse-engineering challenge — a Rust virtual machine requiring expert binary analysis — in approximately ten minutes; the same task took human specialists around twelve hours.
The evaluation also found that the model completed a 32-step end-to-end corporate network attack simulation, called "The Last Ones," in 2 out of 10 attempts — executing reconnaissance, credential movement, lateral escalation, and data exfiltration in a controlled environment. GPT-5.5 was only the second model to accomplish this, after Anthropic's Claude Mythos Preview, which made headlines the same week for finding 271 vulnerabilities in Firefox's codebase.
The AISI researchers concluded that "offensive cyber capabilities are emerging as a byproduct of more general improvements in long-horizon autonomy, reasoning, and coding" and projected further rapid gains. That framing underscores why OpenAI chose gated access over open availability: the capability is real enough to warrant an identity and verification layer before deployment.
Who Gets Access
GPT-5.5-Cyber is available in limited preview to defenders who qualify for the highest tier of OpenAI's Trusted Access for Cyber program. Eligible organizations include critical-infrastructure operators, government security entities, cloud platform security teams, and financial institutions. Access requires verified professional credentials, organizational enrollment in the program, and approved use-case documentation.
Individual users in the program face an additional requirement: enrollment in Advanced Account Security by June 1, 2026. That deadline applies to the broader Trusted Access program and is likely intended to ensure that privileged model access is not reachable through compromised consumer accounts. OpenAI CEO Sam Altman summarized the intent simply: "We'd like to help companies secure themselves."
The access model echoes the approach that Anthropic took with Mythos Preview — restricted to major infrastructure owners through an invite-only program — suggesting the two leading safety-focused labs are converging on a similar framework for managing dual-use capability: capability is available but only behind verified identity and institutional accountability.
The Broader Security Moment
The simultaneous arrival of Claude Mythos's Firefox vulnerability discoveries and GPT-5.5-Cyber's deployment in the same week is not coincidental timing — it reflects a structural shift in how AI labs are engaging with the security community. For years, AI models' potential to assist offensive operations was treated primarily as a risk to mitigate. The current posture treats it as a resource to be carefully channeled toward defenders.
The practical implication for security teams is a significant productivity lever. Automating the triage step between finding a potential vulnerability and validating it with a working proof of concept — historically a bottleneck requiring senior engineer time — compresses the defensive cycle at exactly the moment when attack surfaces are expanding through AI-accelerated software development.
What remains unresolved is the verification infrastructure. OpenAI and Anthropic can both impose access controls, but confirming that an approved organization's security team is using the capability in authorized workflows — and not, for instance, through a compromised insider — is a harder operational problem that neither lab has fully described how it plans to solve.
Sources
- ↳https://openai.com/index/gpt-5-5-with-trusted-access-for-cyber/
- ↳https://www.helpnetsecurity.com/2026/05/08/openai-gpt-5-5-cyber-model/
- ↳https://www.cnbc.com/2026/05/07/openai-rolls-out-new-gpt-5point5-cyber-to-vetted-cybersecurity-teams.html
- ↳https://www.aisi.gov.uk/blog/our-evaluation-of-openais-gpt-5-5-cyber-capabilities
- ↳https://www.axios.com/2026/05/07/openai-gpt-55-cybersecurity-model