GPT-5.5-Cyber: A Model for Defense, Not for Everyone

OpenAI CEO Sam Altman announced via his X account that the new model, GPT-5.5-Cyber, will begin distribution in the coming days to "critical cyber defenders." Technical specifications are not yet public, but according to available information, it will be a specialized variant of the recently introduced GPT-5.5 model, focused on threat hunting, vulnerability analysis, and real-time incident response.

Altman emphasized that OpenAI will "work with the entire ecosystem and government to ensure trusted access in the field of cybersecurity." The goal is to quickly help secure companies and infrastructure through controlled deployment, rather than a public release for a broad audience.

What the Base GPT-5.5 Can Already Do

Understanding GPT-5.5-Cyber is helped by looking at the parent model GPT-5.5, which OpenAI unveiled on April 29, 2026. This model achieves state-of-the-art results in a range of industry benchmarks:

• Terminal-Bench 2.0 — 82.7% accuracy in complex command workflows (state of the art).
• SWE-Bench Pro — 58.6% in solving real-world GitHub problems.
• GDPval — 84.9% in knowledge-work tests across 44 professions.
• OSWorld-Verified — 78.7% in controlling real computer environments.
• BixBench — 80.5% in bioinformatics and data analysis.

In addition, scientists inside OpenAI, using an internal version of the model, discovered a new mathematical proof in the area of Ramsey numbers, indicating advanced abstract reasoning capabilities.

"Trusted Access for Cyber": Trust Instead of a Free Market

Alongside the announcement of GPT-5.5-Cyber, OpenAI launched the "Trusted Access for Cyber" program. This will allow verified organizations protecting critical infrastructure access to so-called cyber-permissive models with fewer restrictions than ordinary users. According to the official statement, this move aims to "democratize access to important defensive capabilities" without compromising safety.

This approach marks a significant departure from OpenAI's traditional strategy, where new models reach millions of users via API or ChatGPT within days. For sensitive cyber capabilities, the company is opting for phased deployment, partnerships with governments, and security assessments, whose goal is to limit misuse while preserving beneficial applications.

The Dual-Use Problem: The Same Tool for Defense and Attack

The deliberately limited rollout reflects global concerns over the so-called dual-use nature of advanced AI. The same capabilities that allow the model to identify vulnerabilities in systems and simulate defensive scenarios could also be exploited by a malicious actor to design attacks, phishing campaigns, or automated searches for weak points.

Other players in the market are grappling with this dilemma too. For example, Anthropic, OpenAI's main competitor, recently refused to release certain parts of its model precisely out of fear of potential misuse in cyberspace. OpenAI, on the other hand, is choosing the path of verified access — the model will be available, but only under supervision.

Czech and European Relevance: Where Do We Stand?

For Czech and European readers, this topic is not distant. The European Union has already adopted the NIS2 Directive, which since October 2024 has tightened cybersecurity requirements for operators of critical infrastructure — including energy, transport, healthcare, the financial sector, and public administration. The Czech Republic is implementing this directive through its Cybersecurity Act.

At the same time, the EU AI Act classifies artificial intelligence systems used in critical infrastructure as "high-risk." This means that any AI model — including GPT-5.5-Cyber — deployed in European power plants, hospitals, or banks must meet strict requirements for transparency, human oversight, and robustness. For Czech organizations that might be interested in the model, this means that any potential operation will be subject not only to verification by OpenAI but also to regulatory checks under European law.

Meanwhile, demand for AI security tools is growing on the domestic scene. Czech companies such as Avast (now part of Gen Digital) and ESET have long been developing their own AI models for threat detection. A potential partnership or OpenAI certification for Czech entities could strengthen defensive capabilities, but it also raises questions about dependence on an American supplier in a sensitive area of national security.

Availability and Price

While the standard GPT-5.5 model is currently rolling out to subscribers of ChatGPT Plus ($20/month), Pro ($200/month), and business plans Business and Enterprise, the special GPT-5.5-Cyber variant will not be part of the regular consumer portfolio.

OpenAI has not disclosed a specific price list for "Trusted Access for Cyber." However, it can be expected that access will be conditional on a contractual relationship, a security audit, and probably also a government recommendation. For Czech companies and institutions, this means that if they express interest in the model, they will have to go through a verification process whose details the company has not yet disclosed.

What Does This Mean for the Future of AI in Security?

The announcement of GPT-5.5-Cyber signals that cybersecurity is becoming a central battleground for deploying frontier AI models. Enterprises and governments worldwide are already experimenting with automating security operations, detecting anomalies in network traffic, and instant incident response. At the same time, the number of AI-assisted cyberattacks is growing — more sophisticated phishing, automated vulnerability scanning, and malicious code generation.

OpenAI is thus entering an environment where the stakes are not just technological superiority, but also trust and regulation. The decision to work directly with governments on controlled deployment could set an example for other model developers — especially at a time when European regulators are preparing for the first round of inspections under the AI Act.