OpenAI Limits GPT-5.5 Cyber Access Despite Previous Criticism of
OpenAI CEO Sam Altman confirmed that the company’s new cybersecurity-specific model will only be available to verified defenders through a vetted
AI reporter
Reports on model launches, frontier labs, developer platforms, and AI policy with an emphasis on claims verification and rollout context.
Editorial responsibility: Lead reviewer for AI coverage, launch claims, and policy context
Primary source: TechCrunch AI. Full source links and update notes are below.
Fast summary
Start here
- OpenAI is restricting GPT-5.5 Cyber to verified security professionals to prevent the tool's misuse for offensive operations.
- Sam Altman previously criticized rival Anthropic for 'fear-based marketing' when it implemented similar restrictions for its Mythos tool.
- The access program, Trusted Access for Cyber (TAC), involves a tiered verification process for individuals and organizations protecting critical software.

What happened
OpenAI is restricting access to GPT-5.5 Cyber, a specialized model built for defensive cybersecurity work, despite previously criticizing Anthropic for using a similar gated-release strategy with its Mythos tool. The model will be available only to vetted security professionals and organizations through OpenAI's Trusted Access for Cyber program, reflecting a growing consensus among top labs that some high-risk AI capabilities cannot simply be released like general consumer products.
The decision matters because cybersecurity models sit right on the edge of the industry's central safety dilemma. The same system that can help defenders identify vulnerabilities, understand exploit chains, or reverse-engineer malware can also help attackers do those things faster. That makes access policy part of the product itself, not just an administrative detail.
What's new in this update
OpenAI has now outlined a more formal structure for its cyber-access program, including tiered vetting for individuals and teams that claim legitimate defensive use cases. The company says thousands of verified defenders and hundreds of organizations already participate in the broader program, and GPT-5.5 Cyber will be introduced within that controlled channel rather than through normal public API release.
The move is especially notable because Sam Altman had earlier criticized Anthropic's gating of Mythos as "fear-based marketing." Now OpenAI has arrived at a similar conclusion: when a model becomes powerful enough in a dangerous domain, openness creates a nontrivial misuse problem. That reversal does not necessarily mean the earlier criticism was insincere, but it does show how rapidly real capability pressures can change public positions.
Key details
GPT-5.5 Cyber is intended for demanding security tasks such as penetration testing, vulnerability analysis, exploit reasoning, and malware reverse engineering. OpenAI says access applicants must submit credentials and explain how they intend to use the system. The company appears to be trying to preserve usefulness for defenders while reducing the chance that cybercriminals, opportunistic red teams, or poorly supervised experimenters gain frictionless access.
That creates several tensions:
- Security researchers want fewer safety blocks when doing legitimate work.
- Open access increases the risk of offensive repurposing.
- Gated access improves control but may slow research and favor established institutions.
- Labs must decide how much trust to place in application-based vetting systems.
The result is a model that is technically advanced but commercially and ethically constrained by design.
Background and context
Both OpenAI and Anthropic have been pushed into similar territory because cyber capabilities are one of the clearest examples of dual-use AI. Model labs increasingly want to serve defenders, governments, and enterprise security teams, but they also know that public misuse in this domain could be reputationally and politically explosive.
This is part of a larger shift across frontier AI companies. Instead of treating access as a default right for anyone with an API key, labs are beginning to stratify capability exposure based on risk. Highly capable cyber, bio, and other sensitive models may increasingly move into trust frameworks, consortia, or approved-access programs rather than general release.
What to watch next
The next major question is whether these gating systems actually work. Labs will be judged not only on whether they restrict access, but on whether restricted models leak, are socially engineered out of their guardrails, or end up in the hands of actors they were meant to exclude. The balance between openness, safety, and market competition will remain unstable.
Why this matters
This matters because it shows the industry converging on a harder truth: powerful AI tools in cybersecurity are too useful to ignore and too dangerous to distribute casually. OpenAI's reversal underscores how quickly competitive rhetoric gives way to controlled access once the misuse stakes become real.
Reader context
This story belongs to Northstar Herald's Artificial Intelligence and Cybersecurity coverage, with related entities including GPT-5.5 Cyber, Sam Altman, Mythos AI, Vulnerability Research. The report is based on TechCrunch AI source material.
Related coverage
Why it matters
This move reflects the ongoing tension between releasing powerful AI tools for defensive research and the risk that these same capabilities could be used to automate cyberattacks.
Read next
Follow this story through the topic hub, more ai coverage, and the latest updates.
Weekly briefing
Get the week's key developments in one concise email.
Get a fast catch-up on the biggest stories, the context behind them, and the links worth your time.
Cadence
Weekly, for a quick catch-up
Coverage
AI, business, world, security, sports
Format
Clear takeaways and useful context
Request the briefing
Leave your email to open a prepared request and get on the list for the weekly briefing.
About the byline
AI reporter
Alex Rivera reports on artificial intelligence with an emphasis on model launches, frontier lab strategy, developer tooling, and the policy decisions shaping commercial deployment.
Sources and methodology