OpenAI launched GPT-5.5-Cyber amid Anthropic restrictions - ForkLog

# OpenAI Launches GPT-5.5-Cyber Amid Anthropic Restrictions

June 22, OpenAI released the full version of GPT-5.5-Cyber — a specialized model for searching, verifying, and fixing vulnerabilities. The release occurred against the backdrop of restrictions surrounding Anthropic.

According to the statement, GPT-5.5-Cyber is part of the Daybreak program and will not be available to the general public. The model is intended for verified cybersecurity professionals who need more powerful capabilities for authorized protective work.

How the Window for OpenAI Emerged

June 9, Anthropic opened access to two versions of a family of Claude models. Fable 5 was described by the company as a Mythos-class solution, but safe for general use. Claude Mythos 5 is a "private" base model with relaxed restrictions in certain areas. However, on June 12, the developer disabled them following a directive from the U.S. government under export controls.

This decision caused problems not only for regular users. On June 23, Legion filed a lawsuit against the U.S. government over the directive, reports Reuters. The organization is based in San Jose, but its development team is located in Canada. According to the agency, Legion stated that losing access to Anthropic models disrupted its tools for preparing legal documents and managing cases.

In response, OpenAI chose a different path: the company clarified that it had initially coordinated checks with U.S. federal agencies and then released GPT-5.5-Cyber only to verified users.

What GPT-5.5-Cyber Can Do

According to OpenAI, GPT-5.5-Cyber scored 85.6% on CyberGym compared to 81.8% for standard GPT-5.5. This metric focuses on reproducing known vulnerabilities in controlled software environments. It does not cover the full spectrum of real-world attacks and defense scenarios.

Source: OpenAI. The OpenAI blog also reports results on other tests. On ExploitGym, the model scored 39.5% versus 25.95% for regular GPT-5.5. On SEC-bench Pro — 69.8% versus 63.1%. The first test evaluates the ability to turn a known vulnerability into a working exploit, the second — long-term vulnerability hunting and proof-of-concept creation in complex software targets.

Source: OpenAI. OpenAI emphasized that the goal of Daybreak is not just to find more vulnerabilities but to accelerate their fixing. According to the company, since March, the cloud version of Codex Security has scanned over 30 million commits across more than 30,000 codebases, and human reviewers have marked over 70,000 findings as fixed.

According to Decrypt, GPT-5.5-Cyber outperformed Anthropic Mythos 5 on CyberGym: 85.6% versus 83.8%. However, other public assessments paint a more complex picture. On April 30, UK AI Security Institute reported that GPT-5.5 completed a 32-step corporate attack simulation called The Last Ones from start to finish in 2 out of 10 attempts. Mythos Preview succeeded in 3 out of 10 attempts.

Later, AISI updated the data: the new version of Mythos Preview completed The Last Ones in 6 out of 10 attempts and for the first time finished the second scenario, Cooling Tower, in 3 out of 10 attempts. GPT-5.5 in this update completed The Last Ones in 3 out of 10 attempts.

How OpenAI Restricts Access

GPT-5.5-Cyber is not intended for public access. OpenAI clarified that the model is designed for verified users who need stronger cyber capabilities and authorized behavior in approved scenarios. For most clients, the company still recommends GPT-5.5 with Trusted Access for Cyber and Codex Security.

OpenAI also launched the Daybreak Cyber Partner Program. In its blog, the company listed participants including Akamai, Check Point, Cisco, CrowdStrike, IBM, Palo Alto Networks, Proofpoint, SentinelOne, Wiz, Zscaler, and other cybersecurity firms.

Source: OpenAI. Another initiative is Patch the Planet, aimed at open-source projects. The program was created together with Trail of Bits, involving HackerOne, Calif, researchers, and maintainers. Among the first participants are cURL, Go, Python, Sigstore, and pyca/cryptography.

Earlier, cyber agencies from the U.S., U.K., Canada, Australia, and New Zealand stated that advanced AI models could change offensive and defensive capabilities in cyberspace within months, not years. According to the report authors, artificial intelligence lowers the entry barrier for malicious actors, accelerates attacks, and shortens the window between vulnerability discovery and exploitation.

Recall that in June, Anthropic team published a blog titled Claude Zero Trust for AI Agents, providing guidance on securely deploying autonomous AI agents in corporate environments. The document outlines key risks of agent systems and approaches to business cybersecurity.