OpenAI will roll out its cybersecurity testing tool GPT-5.5 Cyber only to "critical cyber defenders" initially, CEO Sam Altman confirmed Thursday.

The restricted launch mirrors Anthropic's approach with its competing tool Mythos — a strategy Altman previously dismissed as "fear-based marketing" just nine days earlier.

Altman announced the limited rollout in a post on X, directing interested users to OpenAI's application portal where they must submit credentials and planned use cases for access. The company has established what it calls Trusted Access for Cyber (TAC), a tiered verification system for cybersecurity professionals.

What GPT-5.5 Cyber does

The tool performs penetration testing, vulnerability identification and exploitation, plus malware reverse engineering. It's designed to help companies find security holes and test defenses, but could potentially be misused by malicious actors.

OpenAI's spokesperson said TAC has scaled to "thousands of verified defenders and hundreds of teams responsible for protecting critical software." These users can access GPT-5.5 for cybersecurity tasks with reduced safeguard friction.

The permissions program operates in tiers. Critical defenders with legitimate use cases can apply for access to dedicated cyber-permissive models like GPT-5.4 Cyber and the forthcoming GPT-5.5 Cyber.

The irony of restricted access

When Anthropic limited Mythos access in April, Altman criticized the approach as overblown fear-mongering. Critics echoed this sentiment, questioning whether Anthropic's rhetoric matched the actual risk.

The criticism proved prescient when an unauthorized group reportedly gained access to Mythos anyway, undermining the security-through-obscurity approach.

OpenAI says it's consulting with the U.S. government to identify more legitimate users and expand access responsibly. The company aims to make Cyber more widely available while maintaining security controls.

The competing cybersecurity tools represent a new front in the AI safety debate, with both companies now adopting similar gatekeeping strategies despite public criticism of the approach.