clauding.de
DE
3 min read AI-generated

GPT-5.5-Cyber: OpenAI Locks Away Its Cyber Model - After Mocking Anthropic for Doing the Same

Copy article as Markdown

First slam Anthropic for restricting Mythos, then restrict GPT-5.5-Cyber behind the same kind of velvet rope. OpenAI just reinvented the gatekeeping it recently ridiculed.

OpenAI GPT-5.5 Cybersecurity Anthropic Mythos AISI
Featured image for "GPT-5.5-Cyber: OpenAI Locks Away Its Cyber Model - After Mocking Anthropic for Doing the Same"

Sometimes the AI industry writes its own satire. Just a few weeks ago, Sam Altman criticized Anthropic on the Core Memory podcast for distributing Mythos only to vetted organizations under strict controls. ‘There are people who want to keep AI in the hands of a smaller group,’ he said. ‘You build a bomb, hold it over someone’s head, and sell them a bunker for $100 million.’

Now OpenAI is doing exactly the same thing.

GPT-5.5-Cyber: For Selected ‘Defenders’ Only

On May 1, Altman announced on X that GPT-5.5-Cyber will roll out ‘in the next few days’ to a handpicked circle of ‘trusted defenders.’ The model specializes in penetration testing, bug hunting, exploit development, and malware analysis. Access comes exclusively through the ‘Trusted Access for Cyber’ program - limited to government agencies, critical infrastructure operators, security vendors, and financial institutions.

That is, at its core, the exact same strategy Anthropic pursues with Mythos: a powerful cyber model distributed only under controlled conditions to vetted partners. Except Altman dismissed that as fear-based marketing just weeks ago.

AISI Confirms: As Capable as Mythos

The UK’s AI Security Institute independently tested GPT-5.5-Cyber and published results on May 1. The verdict: the model achieves a 71.4% pass rate on expert-level cyber tasks and became only the second model after Mythos to complete a 32-step network attack simulation end to end.

That sounds like a head-to-head race between OpenAI and Anthropic. But AISI draws a broader conclusion: offensive cyber capabilities appear to be emerging not from targeted specialization, but as a side effect of general improvements in autonomy, reasoning, and coding. This isn’t an Anthropic anomaly - it’s a frontier-wide trend.

Universal Jailbreak in Six Hours

The uncomfortable punchline of the AISI evaluation: testers found a universal jailbreak that worked across all malicious cyber queries OpenAI provided - including in multi-turn agentic settings. It took six hours of expert red-teaming to develop. OpenAI made adjustments to the safeguard stack afterward, but AISI couldn’t verify the final configuration due to a setup issue.

That raises questions. If a six-hour red-teaming effort is enough to bypass the guardrails, how robust are they really?

The Real Takeaway

The story here isn’t that Altman is a hypocrite - positions in tech shift faster than release cycles. The story is that the entire industry appears to be reaching the same conclusion: cyber models at this capability level can’t simply be made available to everyone.

Whether you call that responsible development or gatekeeping depends on where you stand. But the convergence is remarkable: Anthropic, OpenAI, and regulators are all arriving at the same point.

Sources: OpenAI: Trusted Access for Cyber, AISI: Evaluation of GPT-5.5 cyber capabilities, The Register: OpenAI locks GPT-5.5-Cyber behind velvet rope