OpenAI just rolled out GPT-5.5-Cyber to vetted cybersecurity teams. The launch landed on May 7, 2026, per CNBC. Access is limited. The model is trained to be more permissive on security-related tasks — vulnerability identification and triage, patch validation, malware analysis — than the standard public release of GPT-5.5.
The context is the part to read carefully. A month ago, when Anthropic announced Claude Mythos Preview with similarly restricted access, Sam Altman publicly called the approach "fear-based marketing." Today OpenAI is shipping the same playbook. Restricted access, vetted teams, security-first framing. Per Axios, sources familiar with GPT-5.5-Cyber's capabilities say the model is "roughly on par with Mythos."
The practical question for security teams is whether GPT-5.5-Cyber's permissive tuning unlocks workflows that the standard GPT-5.5 throttles. Anthropic's Mythos-class models have been usable inside coalition partners (Project Glasswing) for several weeks. OpenAI is now competing for the same internal security workflow inside enterprise SOCs and frontier-lab red teams.
Why this matters: the cyber-AI category just stopped being a single-vendor story. As of today, both OpenAI and Anthropic ship restricted-access frontier models tuned for offensive and defensive security work. The vetting process is now the gating step. Buyers who want production access need to be in the right partner program with one of the two labs.
What to watch: whether Google ships a Gemini-Cyber variant in the next 60 days, and whether CAISI's pre-deployment evaluations apply differently to the cyber-tuned variants. Both moves would reset the regulatory shape of the category.