Earlier this month I wrote about how OpenAI was locking away its cyber model — doing exactly what it had accused Anthropic of with Mythos. Now GPT-5.5-Cyber is actually live. But not for everyone.
Trusted Access for Cyber
OpenAI has launched a new system called ‘Trusted Access for Cyber.’ The idea: security researchers and defender teams get access to GPT-5.5’s strongest cyber capabilities — but only after identity verification.
There are three tiers. Individuals can verify themselves at chatgpt.com/cyber. Companies can request default access for their entire team through their OpenAI account manager. And for particularly sensitive work — red teaming, penetration testing — there’s an invitation-only program.
GPT-5.5 vs. GPT-5.5-Cyber
The separation is deliberate. GPT-5.5 with Trusted Access covers most defensive workflows: code reviews, vulnerability triage, malware analysis, detection engineering. GPT-5.5-Cyber goes a step further and enables dual-use workflows like validating exploits in controlled environments.
Starting June 1, 2026, all GPT-5.5-Cyber users must activate Advanced Account Security — YubiKey or equivalent.
10 Million Dollars for Defense
On top of the model, OpenAI is providing 10 million dollars in API credits through its Cybersecurity Grant Program. The funding targets teams with a track record of finding and fixing vulnerabilities in open-source software and critical infrastructure.
What it means
The strategy makes sense: instead of completely blocking cyber capabilities (which other providers would offer anyway) or making them freely available (which helps attackers), OpenAI is trying a middle path. Identity-based access instead of binary yes/no.
Whether it works in practice remains to be seen. The line between offensive and defensive security research is blurry. But the approach is thoughtful — and the 10 million dollars for open-source security is a concrete contribution, not just a PR gesture.
Sources: SiliconAngle · OpenAI