OpenAI Limits Access to New Cybersecurity Tool Cyber After Criticizing Anthropic's Gatekeeping
Key Points
- OpenAI will begin rolling out GPT-5.5 Cyber to "critical cyber defenders" within days.
- Access requires applicants to submit credentials and intended use via an online form.
- Cyber can perform penetration testing, vulnerability exploitation, and malware reverse engineering.
- CEO Sam Altman criticized Anthropic's gatekeeping of Mythos as fear‑based marketing.
- An unauthorized group reportedly accessed Anthropic's Mythos despite restrictions.
- OpenAI is consulting with the U.S. government to broaden access to verified security professionals.
- The rollout reflects industry concerns about preventing misuse of powerful AI tools.
OpenAI announced it will roll out its GPT-5.5 Cyber suite to a select group of "critical cyber defenders" in the coming days, mirroring Anthropic's recent restriction of its Mythos tool. CEO Sam Altman posted on X that access will be granted through an application process that verifies users' credentials and intended use. The move aims to keep the powerful capabilities—penetration testing, vulnerability exploitation, and malware reverse engineering—from falling into the hands of malicious actors while the company consults with the U.S. government on broader availability.
OpenAI is set to limit distribution of its latest cybersecurity offering, GPT-5.5 Cyber, to a narrowly defined audience of "critical cyber defenders" after CEO Sam Altman publicly rebuked Anthropic for doing the same with its Mythos tool. In a post on X on Thursday, Altman said the rollout would begin within days, but only after applicants submit detailed information about their professional credentials and planned usage.
The application, hosted on OpenAI's website, asks prospective users to describe their security qualifications and outline how they intend to employ the tool. According to the form, Cyber can conduct penetration testing, identify and exploit vulnerabilities, and reverse‑engineer malware—functions that could be invaluable for defending corporate networks but also attractive to threat actors.
Altman's criticism of Anthropic centered on what he called "fear‑based marketing" after the rival firm limited Mythos to a select user base. Critics echoed his sentiment, suggesting Anthropic overstated the risks of broader access. Ironically, an unauthorized group reportedly breached Anthropic's restrictions and gained access to Mythos anyway.
OpenAI's decision reflects a growing tension in the AI community: balancing the rapid deployment of powerful tools with the need to prevent misuse. By restricting Cyber, the company hopes to keep the technology out of the hands of bad actors while still providing legitimate security teams with advanced capabilities.
In parallel with the rollout, OpenAI said it is consulting with the U.S. government to identify additional users who possess verified cybersecurity credentials. The company emphasized that it aims to make Cyber more widely available once it can ensure proper oversight and responsible use.
Industry observers note that the selective approach mirrors a broader trend among AI developers to gatekeep high‑risk models. While the strategy may slow adoption, proponents argue it is a necessary precaution as AI tools become increasingly adept at automating sophisticated attacks.
OpenAI has not disclosed how many organizations or individuals will receive early access, nor the timeline for expanding the user pool beyond the initial group. The company’s next steps will likely hinge on feedback from the early adopters and ongoing discussions with regulators.