OpenAI Joins Anthropic in Locking Down Frontier Cyber AI

OpenAI has confirmed that its latest frontier cybersecurity model, GPT-5.5-Cyber, will be released exclusively through a “Trusted Access for Cyber” program aimed at pre-vetted “critical cyber defenders.” The company told Axios and The Verge that general-public access is off the table, at least for the initial phase. The decision echoes competitor Anthropic’s recent move to keep its Claude Mythos Preview behind closed doors, citing the model’s ability to surface thousands of software vulnerabilities in minutes and the risk of malicious misuse. According to Wired, OpenAI’s safeguards have been judged “sufficiently” strong for now, but the firm still chose the same gated path.

The twin gatekeeping decisions by OpenAI and Anthropic signal a decisive break from the open-weight or open-access ethos that once characterized much of the AI boom. Securityweek notes that both companies are now treating their most capable models as controlled substances: useful only in the hands of licensed specialists. That shift could starve smaller security vendors and independent researchers of the very tooling they need to keep pace with nation-state actors, while reinforcing a two-tier ecosystem where only well-funded institutions get frontier capabilities. Open-source projects that hoped to fine-tune or audit these models will be locked out entirely.

For Fortune 500 CISOs, the restriction is a double-edged sword. On one hand, early access to GPT-5.5-Cyber promises a competitive edge in threat hunting and red-team automation. On the other, procurement teams must now apply for “Trusted Access” status, a vetting process whose criteria remain opaque. Nextgov reports that defense contractors and federal agencies are already lobbying for priority slots, which could leave commercial firms waiting months or years. The upshot: enterprise budgets may pivot toward established security vendors who secure early partnerships, accelerating consolidation at the top of the market.

Both companies have hinted that wider availability hinges on “deployment safety thresholds” rather than fixed timelines. Bloomberg’s sources suggest OpenAI is preparing a tiered release: first critical infrastructure, then MSSPs, and finally broader enterprise tiers once misuse metrics stabilize. Meanwhile, regulators on both sides of the Atlantic are watching closely; EU officials told Scientific American they may classify such models as dual-use exports if the gatekeeping persists. Expect public comment periods and possible export-license requirements before any general release. Until then, the cybersecurity talent gap just got a lot wider.