OpenAI locks GPT-5.5 Cyber behind a gate it just criticized Anthropic for

OpenAI just announced that GPT-5.5 Cyber, its newest cybersecurity testing tool, will only be available to “critical cyber defenders” at launch. That’s a pretty tight gate for a model they’ve been hyping as a breakthrough for automated vulnerability detection and red-teaming.

Here’s the thing that’s sticking in my craw: just a few months ago, OpenAI publicly criticized Anthropic for doing the exact same thing with Mythos, their own cybersecurity-focused model. Back then, OpenAI’s argument was that restricting access to powerful security tools undermines the open research community and slows down collective defense. Now they’re pulling the same move, and it feels less like principle and more like strategy.

To be fair, there are legitimate reasons to be cautious. GPT-5.5 Cyber can generate exploit code, probe network defenses, and even simulate sophisticated attack chains. In the wrong hands, that’s a weapon. But Anthropic made the same case for Mythos, and OpenAI didn’t buy it then. The difference? OpenAI is now the one holding the keys.

The rollout will be phased. First up: government agencies, critical infrastructure operators, and a handful of elite security firms. The rest of us — independent researchers, smaller companies, open-source projects — get to wait. OpenAI says they’ll expand access “as safety benchmarks are met,” but there’s no timeline and no clear criteria. That’s not transparency; that’s a trust-me-bro promise.

What’s particularly frustrating is that this move undermines the very ecosystem OpenAI claims to support. Cybersecurity is a field where rapid, open sharing of tools and techniques saves lives (and data). Locking the most advanced model behind an invite-only system creates a two-tiered security world: the haves and the have-nots. And the have-nots are exactly the ones who need it most — small hospitals, local governments, underfunded school districts.

I’m not saying OpenAI should just dump a weaponized LLM into the wild. But the way they’ve handled this — the silence about Anthropic’s concerns, the sudden reversal, the vague rollout plan — makes it hard to take their safety rhetoric seriously. If you’re going to gate a model, at least be honest about why, and don’t pretend you’re above the very trade-offs you criticized others for making.

GPT-5.5 Cyber itself looks genuinely impressive. Early benchmarks show it outperforming both GPT-4 and Mythos on common CTF (Capture The Flag) challenges and real-world CVE replication. It’s faster, more accurate, and better at chaining exploits together. The technology is solid. The politics around it are not.

For now, if you’re not a “critical cyber defender,” you’re stuck watching from the sidelines. And if you’re a small team trying to keep your systems safe, you’re left wondering why the company that preached openness is now building walls — with your security on the other side.