OpenAI is progressively opening GPT-5.5-Cyber—the cybersecurity-specialized fine-tuned version of GPT-5.5—to certified security institutions and government users through a trusted access ecosystem. This move extends the Cybersecurity Trusted Access Program launched in February and further refines the tiered permission structure. It means the public entrance to frontier models in high-risk domains is narrowing.
Capabilities and Controls, Side by Side
GPT-5.5’s improvements in cybersecurity tasks are already significant enough to draw attention. According to OpenAI’s public system card:
| Benchmark | GPT-5.4 | GPT-5.5 | Improvement |
|---|---|---|---|
| CyberGym | 79.0% | 81.8% | +2.8pp |
| Extended CTF Challenges | — | 88.1% | New |
Within OpenAI’s internal Preparedness Framework, GPT-5.5’s cybersecurity capabilities are rated “High” risk. This means the model’s abilities in penetration testing, vulnerability exploitation, and attack path planning have reached a threshold requiring special管控.
Trusted Access Ecosystem: Who Gets In
GPT-5.5-Cyber is not distributed through a public API but through tiered trusted access:
- Highest-tier certified users: Full access to GPT-5.5-Cyber capabilities
- Security vendors and research institutions: Can apply for access after passing review
- Government and “Five Eyes” intelligence-sharing partners: OpenAI has been pitching this product to federal and state-level agencies over recent months
In mid-April, OpenAI officially extended GPT-5.4-Cyber’s trusted access to higher tiers, and GPT-5.5-Cyber is continuing this pattern while tightening controls further.
Landscape Assessment
This is a paradigm shift worth noting. Over the past two years, the competitive logic among AI companies was “the stronger, the more open”—attracting developer ecosystems with public benchmarks and APIs. But in high-risk domains like cybersecurity and biosecurity, the logic is reversing to “the stronger, the more controlled.”
Anthropic’s Mythos model has long been invite-only, offering whitebox access only to a small number of security researchers. OpenAI has chosen a slightly different path: keeping public GPT-5.5 available for normal use, but isolating cybersecurity-specific capabilities into controlled channels. This “public + restricted” dual-track model may become the standard for future high-risk models.
Action Items
- Security practitioners: Monitor OpenAI’s trusted access application channels and understand certification requirements
- Enterprise security teams: Evaluate the availability window for GPT-5.5-Cyber in defensive scenarios while tracking competitors like Anthropic Mythos
- Researchers: The GPT-5.5 Bio Bug Bounty remains open for vetted red-teamers and serves as an entry point for accessing higher-level models