OpenAI is rolling out a specialized artificial intelligence model, GPT-5.5-Cyber, in limited preview for those defending critical infrastructure. This rollout follows the recent release of GPT-5.5 and is built around “Trusted Access for Cyber,” an identity and trust-based framework designed to ensure powerful cybersecurity capabilities are used responsibly. According to OpenAI, the system will lower classifier-based refusals for vetted defenders, enabling crucial workflows like vulnerability identification and malware analysis while still blocking malicious activity. “We are focused on providing proportional safeguards and access to empower cyber defenders to protect society,” the company stated, emphasizing a nuanced approach to AI-powered defense where different models offer varying levels of access and safeguards depending on the task and setting.
GPT-5.5 and GPT-5.5‑Cyber Roles in Cyber Defense
OpenAI is rolling out GPT-5.5 and the specialized GPT-5.5-Cyber to accelerate defensive capabilities while carefully controlling access to prevent misuse. The company’s approach isn’t simply about creating more powerful AI, but about strategically deploying it within a tiered framework, prioritizing verified defenders and tailoring model behavior to specific tasks. This nuanced strategy is particularly evident in the limited preview of GPT-5.5-Cyber, rolled out to those responsible for securing critical infrastructure. When defenders are vetted and approved, they experience fewer automated refusals, enabling crucial tasks like vulnerability identification, malware analysis, and patch validation, while safeguards remain in place to block malicious activity. Beginning June 1, individual users accessing the most permissive models will also be required to enable Advanced Account Security, or organizations can attest to phishing-resistant authentication within their single sign-on systems.
The distinction between GPT-5.5 and GPT-5.5-Cyber isn’t arbitrary; it reflects a deep understanding of the varied needs within the cyber defense ecosystem. GPT-5.5, with Trusted Access for Cyber, serves as the primary tool for most teams, offering strong safeguards for general defensive work. However, more specialized scenarios, such as red teaming and penetration testing, demand greater flexibility. “More specialized access becomes relevant only when authorized workflows still run into refusals,” OpenAI explains. GPT-5.5-Cyber is designed to facilitate these higher-risk, dual-use workflows, demonstrated by its ability to execute a live-target exploit, something GPT-5.5 with TAC would refuse.
For example, when prompted to test an exploit, GPT-5.5 with TAC offered a defensive check, while GPT-5.5-Cyber “implemented a live-target exploit workflow, and it will…Build a target list from the provided domain…Attempt the exploit paths…Capture command output.” While GPT-5.5-Cyber is not expected to outperform GPT-5.5 overall, its increased permissiveness, coupled with stringent verification, allows for specialized workflows that would otherwise be blocked.
Trusted Access for Cyber: Identity and Trust Framework
OpenAI is rolling out a nuanced system prioritizing verified identities and responsible use. While generative AI models like GPT-5.5 are increasingly integrated into defensive workflows, the company recognizes a critical need to differentiate access levels based on task, environment, and inherent risk. This tiered approach is embodied in “Trusted Access for Cyber” (TAC), a framework designed to empower defenders while mitigating potential misuse of powerful AI capabilities. Currently, security teams are leveraging GPT-5.5 for tasks ranging from secure code review to malware analysis, but OpenAI is now extending access with specialized models and controls. Central to this evolution is the introduction of GPT-5.5-Cyber, currently in limited preview and specifically targeted at those defending critical infrastructure.
The distinction between GPT-5.5 and GPT-5.5-Cyber reflects a deliberate calibration of model behavior. “For most teams, GPT-5.5 with TAC is our strongest broadly useful model for legitimate defensive work, with strong safeguards against misuse,” the company states, highlighting the baseline level of protection for general security applications. However, specialized scenarios like red teaming and penetration testing demand a more permissive environment, necessitating the development of GPT-5.5-Cyber. The core of TAC is an identity and trust-based system; it’s not merely about paying for enhanced access. When defenders are “vetted and approved for Trusted Access for Cyber, they receive lower classifier-based refusals to enable authorized cybersecurity workflows,” including vulnerability identification and triage. Safeguards remain in place to prevent malicious activity, but the system allows for deeper analysis and validation within controlled environments.
OpenAI requires phishing-resistant account security protections for increased access, with organizations able to attest to single sign-on workflows offering similar authentication. A breakdown of access levels illustrates the differences: GPT-5.5 provides standard safeguards, GPT-5.5 with TAC offers more precise controls, and GPT-5.5-Cyber allows for the most permissive behavior, paired with stronger verification. This nuanced approach is demonstrably different in practice. For example, when prompted to create a proof-of-concept exploit, GPT-5.5 initially flagged the request as a potential cybersecurity risk, while GPT-5.5 with TAC successfully generated the exploit and documentation. “Summary Added vulnerable RSC-like server and exploit payloads for CVE- demo. Documented setup, exploitation steps, and mitigations in README.md Files server.js exploit.js README.md secret.txt Testing node server.js node exploit.js,” the model responded. OpenAI clarifies that GPT-5.5-Cyber is not expected to significantly outperform cyber capability beyond GPT-5.5, but rather to support specialized workflows requiring more permissive behavior, alongside robust monitoring and feedback mechanisms.
At Cisco, we view frontier models as a powerful force multiplier for defenders. Models like GPT-5.5 are fundamentally changing the velocity of our operations, enabling us to move faster on everything from incident investigation to proactive exposure reduction. But speed cannot be traded for trust. The true value of this technology isn’t found in the model alone, but in the enterprise-ready framework we wrap around it.
Anthony Grieco, SVP, Chief Security & Trust Officer, Cisco
Authorized Workflows & Varying Access Levels Explained
OpenAI is rolling out GPT-5.5-Cyber in limited preview, specifically for defenders tasked with securing essential services. GPT-5.5 and GPT-5.5-Cyber play different roles in meeting the needs of organizations and researchers, depending on the task, the setting, and the safeguards implemented. The distinction in model behavior is readily apparent when comparing responses to the same prompt. “This chat was flagged for possible cybersecurity risk. If this seems wrong, try rephrasing your request. To get authorized for security work, join the Trusted Access for Cyber program,” the model responded. In contrast, GPT-5.5 with Trusted Access for Cyber successfully generated the exploit and documented it, demonstrating the increased permissiveness granted to verified defenders.
Intel is a leader in silicon and software, providing a trusted foundation for the global computing industry. As AI models continue to advance in reasoning and speed, their ability to identify, analyze, and help mitigate security threats becomes increasingly critical.
Dhinesh Manoharan, Head of INT31 Security Research, Intel Corporation
Model Response Differences: Defensive Task Examples
The evolving landscape of cybersecurity increasingly relies on artificial intelligence, but deploying these tools requires careful calibration; OpenAI is now demonstrating this with a tiered approach to its GPT-5.5 model, specifically tailored for defensive applications. While GPT-5.5 serves as the foundational tool for most security teams, the introduction of GPT-5.5-Cyber represents a specialized iteration designed for high-stakes scenarios involving critical infrastructure protection. OpenAI is rolling out GPT-5.5-Cyber in limited preview to defenders responsible for securing critical infrastructure to support specialized cybersecurity workflows that help protect the broader ecosystem. The cyber defense ecosystem is broad, and GPT-5.5 and GPT-5.5-Cyber play different roles in meeting the needs of organizations and researchers across it, depending on the task, the setting, and the safeguards around how the model is used.
The first example illustrates how GPT-5.5 compares to GPT-5.5 with Trusted Access for Cyber on a defensive task: create a proof-of-concept from a published vulnerability to validate remediation within an authorized environment. OpenAI’s “Trusted Access for Cyber” framework underpins this tiered system, functioning as an identity and trust-based mechanism to control access to these advanced capabilities. The distinction becomes even clearer with a more aggressive prompt; requesting the execution of a command on a live target elicited a defensive response from GPT-5.5 with TAC, a validation of system exposure and prioritization of remediation, while GPT-5.5-Cyber actually “implemented a live-target exploit workflow,” successfully compromising a test service and recovering system metadata. “I verified it locally against the vulnerable PoC. Result: compromised the test service and recovered system metadata. Recovered uname -a output: Linux fouad-rsc-poc -generic #31-Ubuntu SMP PREEMPT_DYNAMIC x86_64 GNU/Linux,” the model reported.
For most defenders, GPT-5.5 with Trusted Access for Cyber is the right starting point; this model can handle the vast majority of legitimate defensive workflows while preserving the model’s broad strengths and safety posture. That includes secure code review, vulnerability triage, malware analysis, detection engineering, and patch validation. More specialized access becomes relevant only when authorized workflows still run into refusals. This occurs with higher risk workflows such as red teaming and penetration testing, where defenders may need to go beyond analysis, and validate exploitability in a controlled environment. GPT-5.5-Cyber is designed to facilitate these more specialized dual-use workflows.
At SentinelOne, the real value of AI is how quickly it helps us turn signals into an actionable advantage for defenders. GPT-5.5 helps analysts connect telemetry, focus on what matters, and strengthen how organizations investigate, detect, and respond to emerging threats.
Gregor Stewart, Chief AI Officer, SentinelOne
Cyber Performance Evaluation & Permissive Model Goals
OpenAI is rolling out GPT-5.5-Cyber in limited preview to defenders responsible for securing critical infrastructure to support specialized cybersecurity workflows that help protect the broader ecosystem. OpenAI is focused on providing proportional safeguards and access to empower cyber defenders to protect society, and their approach has been informed by conversations with cybersecurity and national security leaders across federal and state government and major commercial entities. The cyber defense ecosystem is broad, and GPT-5.5 and GPT-5.5-Cyber play different roles in meeting the needs of organizations and researchers across it, depending on the task, the setting, and the safeguards around how the model is used.
Attackers are already weaponizing frontier models. By deploying OpenAI’s Trusted Access for Cyber and GPT-5.5, we are giving defenders at Snyk the capability they need to protect critical supply chains. This partnership isn’t just a milestone; it’s a strategic necessity.
Manoj Nair, Chief Innovation Officer, Snyk
