OpenAI has released GPT-5.5-Cyber, a variant of its latest AI model, in limited preview for verified cybersecurity professionals and organizations through its Trusted Access for Cyber program. This move marks a significant shift in the balance between frontier capabilities and defensive workflows, with OpenAI tipping the scales in favor of defenders like Sophos. The release of GPT-5.5-Cyber is part of a broader trend that began earlier this year with the introduction of TAC and the fine-tuning of cyber-permissive variants.

What Happened

In April, an early checkpoint of GPT-5.5 suggested that it had reached a similar level of performance on cybersecurity evaluations as Anthropic's Claude Mythos Preview. This model was found to be capable of completing a multi-step exercise, such as a corporate network attack simulation, end-to-end, which would take a human around 20 hours. The results from GPT-5.5-Cyber indicate that this is not a breakthrough specific to one model, but rather part of a broader trend in cyber performance.

The evaluation was conducted using a suite of 95 narrow cyber tasks across four difficulty tiers, which test a broad range of cybersecurity skills. The advanced suite tasks are specifically designed to probe the capabilities considered most important to measure, including vulnerability research and exploitation against realistic targets and modern mitigations. GPT-5.5-Cyber achieves an average pass rate of 71.4% on these tasks, compared to 68.6% for Mythos Preview, 52.4% for GPT-5.4, and 48.6% for Opus 4.7.

Background and Context

The release of GPT-5.5-Cyber is part of a broader trend in the development of AI models with advanced cybersecurity capabilities. In April, Anthropic released Claude Mythos to a small set of partners as part of an initiative called "Project Glasswing." The disclosed capabilities, including thousands of zero-day vulnerabilities surfaced and a 72.4% exploit development success rate, were significant enough that the U.S. Treasury Secretary and Federal Reserve Chair convened the CEOs of the largest U.S. banks for an emergency briefing on what the technology meant for the resilience of the financial sector.

The capability is out, and containment is uncertain. AI accelerates discovery, generates working exploits, and compresses the gap between a vendor advisory and observed exploitation. OpenAI's release this week is significant because it is one of the most aggressive moves yet to put a comparable class of capability on the defenders' side, backed by an access framework designed to keep pace with the evolving threat landscape.

Why It Matters to the Industry

The release of GPT-5.5-Cyber and its predecessor, GPT-5.5, marks a significant shift in the balance between frontier capabilities and defensive workflows. As AI accelerates discovery and generates working exploits, defenders like Sophos are being equipped with proportionally stronger verification and accountability around access. This move is part of OpenAI's effort to tip the scales in favor of defenders, who are now able to automate and expand red-teaming exercises on infrastructure systems and validate high-severity vulnerabilities.

The implications for the adult industry are significant. As AI-generated content becomes increasingly prevalent, the need for advanced cybersecurity capabilities will only continue to grow. The release of GPT-5.5-Cyber and its predecessor, GPT-5.5, marks a significant step forward in this effort, providing defenders with the tools they need to stay ahead of the evolving threat landscape.

What Comes Next

OpenAI has stated that it plans to continue accelerating defenders with various models, including both its flagship models through Trusted Access for Cyber and dedicated cyber models like GPT-5.5-Cyber. The company is also tightening verification at the same time, requiring phishing-resistant authentication for individual members accessing the most permissive models.

The release of GPT-5.5-Cyber marks a significant shift in the balance between frontier capabilities and defensive workflows. As AI accelerates discovery and generates working exploits, defenders like Sophos are being equipped with proportionally stronger verification and accountability around access. This move is part of OpenAI's effort to tip the scales in favor of defenders, who are now able to automate and expand red-teaming exercises on infrastructure systems and validate high-severity vulnerabilities.

Key Facts

  • GPT-5.5-Cyber is a variant of OpenAI's latest AI model, released in limited preview for verified cybersecurity professionals and organizations through its Trusted Access for Cyber program.
  • The model includes stronger verification requirements and account-level controls, with preview access focused on advanced security operations such as authorized red teaming, penetration testing, and controlled validation.
  • GPT-5.5-Cyber achieves an average pass rate of 71.4% on advanced cybersecurity tasks, compared to 68.6% for Mythos Preview, 52.4% for GPT-5.4, and 48.6% for Opus 4.7.
  • The release of GPT-5.5-Cyber marks a significant shift in the balance between frontier capabilities and defensive workflows, with OpenAI tipping the scales in favor of defenders like Sophos.
  • OpenAI plans to continue accelerating defenders with various models, including both its flagship models through Trusted Access for Cyber and dedicated cyber models like GPT-5.5-Cyber.