OpenAI is separating cyber defense access from consumer AI safety rules

OpenAI has released a specialized model variant called GPT-5.5-Cyber for vetted security researchers, marking a notable shift in how frontier AI companies are handling dual-use capabilities. According to the supplied report, the system is available through a “Trusted Access for Cyber” program and is intended for defenders protecting critical infrastructure, not the general public.

The move reflects a tension that has become harder for AI labs to ignore. The same safeguards that block malicious hacking requests also obstruct legitimate defensive work, including vulnerability reproduction, patch verification, and malware analysis. OpenAI’s response is to split access into tiers rather than maintain one universal safety posture.

How the access model works

The report says OpenAI is now using three levels of access. The public model keeps standard restrictions. A middle tier relaxes filters for defensive security work. GPT-5.5-Cyber, the most permissive tier, is reserved for authorized penetration testing and related high-sensitivity tasks.

OpenAI says the system still blocks actions such as stealing passwords or attacking third-party systems. But the examples cited in the source make clear that the Cyber variant permits a level of operational detail that mainstream AI systems usually refuse. In one demonstration described there, the model not only generated exploit code for a known vulnerability but carried out the attack against a test server, took control of the machine, and read system information back.

That is not a small policy tweak. It is a formal acknowledgment that advanced cyber defense increasingly requires AI systems capable of doing things that, outside controlled settings, would look indistinguishable from offensive tradecraft.