GPT-5.5 and GPT-5.5-Cyber: Towards Cutting-Edge Cybersecurity

A New Chapter for Cybersecurity with GPT-5.5

The introduction of GPT-5.5 marks a significant advancement in the field of cybersecurity. Launched two weeks ago, this model is described as the most intelligent and intuitive to date. It aims to provide powerful capabilities to developers and security teams through a framework called Trusted Access for Cyber (TAC).

Last week, an action plan titled Cybersecurity in the Age of Intelligence was published. This document emphasizes the commitment to democratizing AI-powered cyber defense, with the goal of accelerating cybersecurity defenders by providing a robust foundational infrastructure.

Launch of GPT-5.5-Cyber

Today, GPT-5.5-Cyber is being deployed in a limited preview. This model is specifically intended for defenders responsible for securing critical infrastructures. It is designed to support specialized cybersecurity workflows, thereby contributing to the protection of a broader ecosystem.

The development of these models has been guided by discussions with cybersecurity and national security leaders at both federal and state levels, as well as with major commercial entities.

How Trusted Access for Cyber Works

Trusted Access for Cyber is a framework based on identity and trust. It ensures that enhanced cyber capabilities are utilized by verified defenders. This system reduces denials based on classifiers for approved users, enabling tasks such as vulnerability identification, malware analysis, and patch validation.

Protections remain in place to block malicious activities, including credential theft and malware deployment. Starting June 1, 2026, members will need to enable Advanced Account Security to access the most permissive models. Organizations with trusted access can attest that they have phishing-resistant authentication as part of their single sign-on workflow.

Access Levels and Use Cases

Access levels vary by model:

• GPT-5.5 (default): Used for general use with standard protections.
• GPT-5.5 with TAC: Offers precise protections for verified defensive work.
• GPT-5.5-Cyber: Features permissive behavior for specialized workflows, with strict verifications.

The anticipated use cases for GPT-5.5-Cyber include authorized red teaming, penetration testing, and controlled validation. These models address different needs based on tasks and contexts, with tailored protections for each access level.

Performance and Deployment of GPT-5.5-Cyber

While GPT-5.5-Cyber is more permissive for certain tasks, it is not intended to outperform GPT-5.5 in all cybersecurity assessments. The goal is to support an iterative deployment, enabling defenders while securing specialized workflows.

For most security tasks, GPT-5.5 with Trusted Access for Cyber remains the recommended solution, offering a balance between performance and security.

GPT-5.5 is our most intelligent and intuitive model for general knowledge work and cybersecurity tasks, and it is the model we expect most defenders to use. We evaluate cybersecurity performance on tasks requiring multi-step reasoning, tool usage, and persistence through realistic defensive workflows.

The initial preview of permissive cyber models like GPT-5.5-Cyber is not intended to significantly increase cyber capability beyond GPT-5.5—it is primarily trained to be more permissive on security-related tasks.

As a result, this initial preview should not surpass GPT-5.5 in every cybersecurity assessment. Instead, it supports an iterative deployment process to both accelerate defenders and safely support more specialized authorized workflows that require more permissive behavior, coupled with stricter verification, abuse monitoring, approved usage framing, and partner feedback.

For now, GPT-5.5 with Trusted Access for Cyber remains the recommended starting point for most security workflows.