Krux
May 9, 2026
OpenAI Locks GPT-5.5-Cyber Behind Defender-Only Access
Published: May 9, 2026 at 12:14 AM
Updated: May 9, 2026 at 12:14 AM
100-word summary
OpenAI just rolled out GPT-5.5-Cyber, a model trained for offensive security work, but you can't use it unless you defend critical infrastructure. The company is vetting who gets access through a Trusted Access for Cyber program, requiring proof you're on defense, not offense. Critical-infrastructure teams can now run automated red-team attacks and validate high-severity vulnerabilities without the model refusing to help. The catch? You'll need phishing-resistant authentication starting June 1. OpenAI even released a Codex Security plugin that brings threat modeling directly into code editors. Translation: the lab that criticized Anthropic for restricting access to Mythos now restricts its own cyber model the same way.
What happened
OpenAI just rolled out GPT-5.5-Cyber, a model trained for offensive security work, but you can't use it unless you defend critical infrastructure. The company is vetting who gets access through a Trusted Access for Cyber program, requiring proof you're on defense, not offense. Critical-infrastructure teams can now run automated red-team attacks and validate high-severity vulnerabilities without the model refusing to help. The catch? You'll need phishing-resistant authentication starting June 1. OpenAI even released a Codex Security plugin that brings threat modeling directly into code editors.
Why it matters
Translation: the lab that criticized Anthropic for restricting access to Mythos now restricts its own cyber model the same way.