OpenAI opens GPT-5.5-Cyber — a model variant with relaxed safety filters for vetted defender teams
On 7 May 2026, OpenAI announced GPT-5.5-Cyber — a variant of the current GPT-5.5 model with relaxed safety filters for vetted cybersecurity teams. Access runs through a new program called Trusted Access for Cyber (TAC); Sam Altman announced rollout would begin “in the next few days”. This is the first time OpenAI officially gives an external customer base a model with reduced refusals — and it’s a clear signal aimed at Anthropic, whose Mythos model previewed similar use cases in April.
What changed in concrete terms
- Two tracks instead of one: GPT-5.5 with standard guardrails for everyone, GPT-5.5-Cyber with relaxed filters for TAC-approved teams.
- Lower classifier-based refusal rates for authorized defender workflows — meaning the model declines fewer requests that fall into a cyber context.
- Specific use cases: vulnerability identification & triage, patch validation, malware analysis, binary reverse engineering, detection engineering.
- Verification via application + TAC program: apply on OpenAI’s website, identity and trust review, then limited preview.
- Market context: Anthropic previewed a comparable defender variant, Mythos, in April 2026; OpenAI is now catching up.
What was the case before
Until May 2026, OpenAI ran the same filter stack for every user of a GPT-5 variant — be it a ChatGPT free user, an API customer or a verified security team. In practice that meant: many cyber workflows hit refusals. Anyone trying to analyze a piece of potentially suspect code, reverse-engineer a binary or reproduce an exploit for a known CVE was likely to get “I can’t help with that”, depending on the prompt phrasing — even when the use case was clearly defensive and legitimate.
This hit detection engineers, incident responders and threat intelligence teams especially hard: professionals whose job is precisely to work with potentially dangerous material in order to defend against it.
What’s the case now
1. Two-track model. OpenAI now runs two separate filter configurations under the GPT-5.5 umbrella. The standard variant stays as is — strict refusals on anything that smells like offensive security. The Cyber variant lowers the classifier-based threshold for a defined list of defensive workflows. This is a clear break from OpenAI’s previous “one model, one policy” line.
2. TAC as the gatekeeper. Trusted Access for Cyber is OpenAI’s identity-based verification framework. You apply via a web form, OpenAI reviews credentials (corporate identity, defender role, context), and only approved teams get API access to the Cyber variant. CEO Sam Altman announced rollout would begin “in the next few days” after 7 May; limited preview means: not everyone who applies gets in.
3. Concrete use cases are named. Unlike vague “we trust security researchers” statements, OpenAI explicitly lists five workflows: vulnerability identification and triage, patch validation, malware analysis, binary reverse engineering, detection engineering. These are the tasks where the model refuses less. Offensive use cases (exploit development, red-team activity against unauthorized targets) remain blocked even in the Cyber variant.
4. Competitive dynamic with Anthropic. Anthropic previewed its own defender model, Mythos, in April 2026. OpenAI’s GPT-5.5-Cyber is the direct response, with one important nuance: OpenAI keeps the standard variant with strict guardrails alongside it in the market — Anthropic’s Mythos is a standalone model variant. OpenAI is trying to serve both the “fewer filters” wish and the “more safety” wish under one roof.
Why it matters
The bigger story here is the policy shift, not the model update. OpenAI long insisted that safety filters had to be universal — a question of trust, not configuration. With TAC, the position shifts: filters are now a function of trust, and trust is verifiable. That opens a door OpenAI had previously kept shut.
Risk: the verification has to hold. If TAC leaks — leaked credentials, compromised defender accounts, insider abuse — OpenAI is sitting on a story that’s hard to escape. The benefit to legitimate defenders is real (less friction on routine tasks), but the operational burden on OpenAI is new: vetting, audit, revocation all have to work.
For European security teams, the practical question is: is it worth applying? If your team currently uses ChatGPT/API for defensive workflows and regularly hits refusals, applying makes sense — limited preview is the way to be early in line. If you already rely on Anthropic, local LLMs or specialized security models like Mistral Small Reasoning, the TAC overhead may not be necessary.
What you can do now
If you work in a defender team: Check the TAC program on openai.com and submit an application if you regularly run vulnerability triage, malware analysis or detection engineering on OpenAI models. Limited preview means: first in, first served — documenting use cases and the defender role can only help.
If you run a multi-vendor setup: Watch how OpenAI’s TAC and Anthropic’s Mythos evolve. Both programs are preview-stage — terms, access barriers and filter behavior will shift over the next few months. Don’t lock in to one model prematurely.
If you have compliance responsibility: A TAC application creates an audit trail at OpenAI — who on the team has access, what they’re allowed to do. Clarify internally who owns this on your side before someone applies on their own initiative.
Entdecke mehr
Three Days with Claude Fable 5 — and Why Opus Stays My Daily Driver
Fable 5 fixed a bug in one shot that Opus failed at twice. I'm still not switching. My honest impressions from the trenches after three days.
GlossarGPT-4o
GPT-4o (May 2024) was OpenAI's first natively multimodal model — text, audio and image in a single model, with a real-time voice mode and substantially lower cost than GPT-4 Turbo.
LexikonComparing AI models — who builds what and how to choose
The major model families in 2026 at a glance. Who builds Claude, GPT, Gemini, Llama, Mistral, DeepSeek, Qwen — and which model to pick when.