Less than a month after publicly criticizing Anthropic for limiting access to Mythos - their AI model built for offensive security research - OpenAI is deploying the same strategy with GPT-5.5 Cyber.
OpenAI will roll out GPT-5.5 Cyber only to "critical cyber defenders" at first. That means vetted security researchers, incident response teams, and infrastructure defenders - not general developers or ChatGPT subscribers. Broader access will follow, but on OpenAI's terms and timeline.
The timing is awkward. When Anthropic restricted Mythos earlier this year, OpenAI was pointed in its criticism, framing the move as overly conservative. Now OpenAI is following an identical access control model.
The underlying logic is the same in both cases: models trained to find and exploit security vulnerabilities are inherently dual-use. The same capability that helps a defender probe their own network for weaknesses can help an attacker probe someone else's. Access restrictions don't solve that problem - they just make it slightly harder to misuse.
What this pattern tells us is that major AI labs are landing on the same uncomfortable answer to dual-use risk: build the capability, then gate who can reach it. That's a defensible position. But it's harder to defend when the company doing it spent weeks arguing the opposite.
For security practitioners waiting on GPT-5.5 Cyber, expect a slow rollout similar to how OpenAI has handled other specialized access programs. "Critical cyber defenders" is a narrow category, and the expansion criteria haven't been published.