According to OpenAI, GPT-5.5-Cyber is part of the Daybreak programme and will not be available to the general public. The model is designed for verified cybersecurity professionals who require stronger capabilities for authorised defensive work.
How the opportunity emerged for OpenAI
On June 9, Anthropic opened access to two versions of the same Claude model family. The company described Fable 5 as a Mythos-class solution that was safe for general use. Claude Mythos 5, meanwhile, was positioned as a “private” base model with reduced safeguards in certain areas.
However, on June 12, the developer disabled both models after receiving a directive from the US government under export-control rules. The decision created issues not only for regular users. On June 23, Legion filed a lawsuit against the US government over the directive, Reuters reported.
The organisation is based in San Jose, while its development team is located in Canada. According to the agency, Legion said that losing access to Anthropic’s models disrupted its tools for preparing legal documents and managing cases.
Against this backdrop, OpenAI chose a different approach. The company said it had coordinated evaluations with US federal agencies in advance and then opened GPT-5.5-Cyber only to verified users.
What GPT-5.5-Cyber can do
According to OpenAI, GPT-5.5-Cyber scored 85.6% on CyberGym, compared with 81.8% for the standard GPT-5.5 model. This benchmark focuses on reproducing known vulnerabilities in controlled software environments. It does not cover the full range of real-world attack and defence scenarios.
OpenAI’s blog also reported results from other benchmarks. On ExploitGym, the model scored 39.5%, compared with 25.95% for standard GPT-5.5. On SEC-bench Pro, it achieved 69.8%, versus 63.1%.
The first benchmark evaluates the ability to turn a known vulnerability into a working exploit, while the second measures long-horizon vulnerability discovery and proof-of-concept creation in complex software targets.
OpenAI stressed that Daybreak is not only intended to find more vulnerabilities, but also to speed up remediation. According to the company, since March, the cloud version of Codex Security has scanned more than 30 million commits across over 30,000 codebases, while human reviewers marked more than 70,000 findings as fixed.
According to Decrypt, GPT-5.5-Cyber outperformed Anthropic Mythos 5 on CyberGym, scoring 85.6% versus 83.8%. However, other public evaluations paint a more complex picture.
On April 30, the UK AI Security Institute reported that GPT-5.5 completed the 32-step corporate attack simulation The Last Ones from start to finish in 2 out of 10 attempts. Mythos Preview succeeded in the same scenario in 3 out of 10 attempts.
Later, AISI updated the figures: a new version of Mythos Preview completed The Last Ones in 6 out of 10 attempts and, for the first time, completed a second scenario, Cooling Tower, in 3 out of 10 attempts. In this update, GPT-5.5 completed The Last Ones in 3 out of 10 attempts.
How OpenAI restricts access
GPT-5.5-Cyber is not intended for public access. OpenAI clarified that the model is designed for verified users who need stronger cyber capabilities and more permissive model behaviour in authorised scenarios.
For most customers, the company continues to recommend GPT-5.5 with Trusted Access for Cyber and Codex Security.
OpenAI has also launched the Daybreak Cyber Partner Program. In its blog, the company listed Akamai, Check Point, Cisco, CrowdStrike, IBM, Palo Alto Networks, Proofpoint, SentinelOne, Wiz, Zscaler, and other cybersecurity companies among the participants.
Another initiative is Patch the Planet, a programme for open-source projects. It was created together with Trail of Bits, with participation from HackerOne, Calif, researchers, and maintainers. Early participants include cURL, Go, Python, Sigstore, and pyca/cryptography.
Previously, cyber agencies from the United States, the United Kingdom, Canada, Australia, and New Zealand stated that advanced AI models could transform offensive and defensive capabilities in cyberspace within months rather than years. According to the report’s authors, artificial intelligence lowers the barrier to entry for malicious actors, accelerates attacks, and shortens the window between vulnerability discovery and exploitation.
Conclusion
GPT-5.5-Cyber reflects the growing use of advanced AI for authorised vulnerability research and faster remediation. Restricting access to verified professionals may help balance defensive security benefits with the risks of misuse.
ES
EN