OpenAI Deploys GPT-5.5-Cyber in Limited Preview to Counter Anthropic's Mythos

OpenAI announced on Thursday that GPT-5.5-Cyber, a specialized variation of its latest artificial intelligence model, is now rolling out in limited preview to vetted cybersecurity teams. The move comes roughly one month after rival Anthropic captivated investors and government officials with Claude Mythos Preview, a model that demonstrated alarming capabilities in identifying and exploiting software vulnerabilities.

The preview of GPT-5.5-Cyber is not positioned as a major leap in raw cyber capability. Instead, OpenAI designed it to be more permissive on security-related tasks than the generally available GPT-5.5 model. The safeguards built into the standard release would have made certain security workflows more challenging for legitimate defenders.

With the cyber-specific version, vetted teams can use OpenAI's latest model for workflows like vulnerability identification and triage, patch validation, and malware analysis. "GPT-5.5-Cyber lets a smaller set of partners study advanced workflows where specialized access behavior may matter," OpenAI stated in its blog post.

This announcement represents a direct competitive response to Anthropic's Mythos Preview, which was officially announced on April 7, 2026. According to Anthropic's official blog post, Mythos Preview performs strongly across general tasks but is "strikingly capable at computer security tasks." The company launched Project Glasswing alongside the model, an initiative to use Mythos to help secure critical software worldwide.

The stakes are unusually high. During testing, Mythos Preview demonstrated the ability to identify and exploit zero-day vulnerabilities in every major operating system and web browser when directed. In one documented case, it wrote a web browser exploit that chained together four vulnerabilities, creating a complex JIT heap spray that escaped both renderer and OS sandboxes.

Non-experts can also leverage Mythos to find sophisticated vulnerabilities. Engineers at Anthropic with no formal security training asked the model to find remote code execution vulnerabilities overnight and woke up to complete, working exploits the next morning. The capabilities emerged as a downstream consequence of general improvements in code, reasoning, and autonomy—not from explicit training for these tasks.

Anthropic CEO Dario Amodei met with senior members of the Trump administration to discuss the model's potential power, even after the company had been blacklisted by the Pentagon just weeks earlier. Federal Reserve Chairman Jerome Powell and Treasury Secretary Scott Bessent met with major U.S. bank CEOs to discuss Mythos, and Vice President JD Vance held a call with leading tech CEOs ahead of the model's release.

According to CNBC's reporting, OpenAI's GPT-5.5-Cyber rollout is a strategic countermove. The company announced GPT-5.5 late last month, and this cyber-specific variant represents a narrower, more controlled deployment path.

The physical reality of these models matters. Security teams using GPT-5.5-Cyber will experience fewer friction points when running vulnerability scans. The standard model's safety filters would have blocked certain queries that are legitimate for security professionals but appear risky to the general system. This is the difference between a tool that works and one that constantly asks you to justify your work (a problem that has plagued users for years, frankly).

Anthropic's approach has been more restrictive. The company limited Mythos access to a select group of companies as part of Project Glasswing. Only 11 organizations were named as partners to help mount a defense, all from the United States. Britain was the only other nation to gain access, with its AI Security Institute publishing an independent evaluation confirming the model's capabilities.

The European Commission has met with Anthropic at least three times since the Mythos release but has not received access to the model. The two sides have not agreed on how to share it. Germany's cybersecurity agency, B.S.I., also has not received access but met with Anthropic employees in San Francisco for "meaningful insight" into how it works.

For U.S. rivals like China and Russia, Mythos underscored the security consequences of falling behind in the AI race. One Russian pro-Kremlin outlet called the model "worse than a nuclear bomb." The responses illustrated a reality that AI researchers have long warned about: whoever leads in building the most powerful AI models will gain outsize geopolitical advantages.

OpenAI's GPT-5.5-Cyber represents a different strategy. By limiting access to vetted cybersecurity teams, the company is attempting to balance defensive utility with safety concerns. The model is not intended to be a major step up in cyber capability but rather a more permissive version for legitimate security work.

Anthropic has stated it expects other groups to release AI models with similar cyber capabilities more widely within at least 18 months. This gives organizations limited time to make necessary security fixes. The company has no immediate timeline for widely expanding Mythos access but will work with the U.S. government and industry partners to determine next steps.

Whether OpenAI's more controlled approach will satisfy security teams or if Anthropic's broader Project Glasswing will set the industry standard remains uncertain. The real question is whether either company can keep these capabilities out of the hands of bad actors while defenders catch up. Time will tell if the vetting process actually works.

Artūras Malašauskas is an AI Systems Integrator with 20+ years of production-grade web engineering experience. He has designed, shipped, and scaled enterprise Python/PHP systems for logistics, SaaS, and public-sector clients. For the past year, he has focused exclusively on AI integrations: deploying open-source LLMs, building generative media pipelines (image, audio, video), and engineering multi-agent workflows for real production environments. His standard: reproducibility, security, cost-efficient inference—no vaporware. He documents and evaluates emerging AI tooling, separating verified capabilities from marketing noise. Technical editor at: muza-ai.eu, ai-verslas.lt, ai-naujinos.lt Connect on LinkedIn