Three things landed on cybersecurity’s desk this week, and they need to be read together.
On May 7, OpenAI shipped GPT-5.5-Cyber in limited preview to vetted defenders, alongside a wider rollout of GPT-5.5 under a new “Trusted Access for Cyber” framework. The model is “the most permissive version” OpenAI has shipped for cybersecurity workflows — explicitly tuned to refuse less when authorized defenders ask it to triage vulnerabilities, analyze malware, reverse-engineer binaries, build detections, or validate patches.
That same week, the cybersecurity press kept circling back to Claude Mythos — Anthropic’s unreleased frontier model — which has, in pre-release testing, identified thousands of previously unknown zero-day vulnerabilities across every major operating system and every major web browser. Anthropic has declined to make Mythos generally available; defenders access it through Project Glasswing, an industry consortium that already includes AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks.
And on Wednesday May 6, NEC Director Kevin Hassett confirmed the White House is preparing an executive order that would require AI models to be evaluated before public release — Hassett’s words: “like an FDA drug.” Bloomberg, the New York Times, and federal news outlets all describe a draft order. Hassett said the testing would “really quite likely” apply to all AI companies. The Commerce Department’s CAISI program expanded the same week, with Google, Microsoft, and xAI joining OpenAI and Anthropic in voluntary pre-deployment evaluation agreements.
Three vendors. Three release postures. One regulatory wave that may compress the whole timeline. If you run a cybersecurity team, the question this quarter is: which path do you commit to today?
Here’s the read.
What’s actually shipping vs waiting
Get the three facts straight before any decision-making.
GPT-5.5-Cyber: shipped, gated, two-tier. OpenAI’s structure is two products under one framework. The first — GPT-5.5 with Trusted Access for Cyber — is the broader rollout: it supports secure code review, vulnerability triage, malware analysis, detection engineering, and patch validation. Most defenders will use this tier. The second — GPT-5.5-Cyber — is the higher-permissiveness model intended for authorized red teaming, penetration testing, and controlled validation exercises. Both are gated by the Trusted Access framework, which requires identity verification, organizational attestation, and (effective June 1) Advanced Account Security or phishing-resistant SSO. Safeguards still block credential theft, persistence techniques, malware deployment, and exploitation of third-party systems even for vetted customers — the model is permissive for defenders, not weaponizable for offense.
Claude Mythos: not generally available, accessed through Project Glasswing. Anthropic’s posture is different by design. The model is so capable at vulnerability discovery that Anthropic has declined to ship it broadly. Defenders engage through Project Glasswing’s industry consortium, which is currently focused on finding and remediating vulnerabilities in foundational systems before broader release. There’s no public waitlist URL of the OpenAI variety; access is via direct partnership with Anthropic or membership in a Glasswing-participating organization.
The White House vetting EO: drafted, not signed. Hassett’s Wednesday remarks are the most concrete signal yet. The original New York Times report on Sunday May 4 sketched the framework. The likely shape: FDA-style pre-deployment evaluations conducted by a CAISI-led working group. Effective date is unclear; the order is being drafted. Hassett’s “quite likely” applies to “all AI companies” — including OpenAI and Anthropic, both of whom were already voluntarily participating in CAISI evaluations. The Commerce Department’s voluntary program now also covers Google, Microsoft, and xAI under formal agreements signed early this week.
The three are connected. OpenAI is racing to deploy a permissive cyber model under a private-trust framework before the EO formalizes a public one. Anthropic is using Glasswing to do the same kind of pre-deployment hardening that the EO would mandate, but on its own terms. The White House is deciding whether to make the private patterns public.
The 3-axis Q3 decision frame
Three axes determine where a cybersecurity team should commit budget and procurement effort this quarter.
Axis 1: Available today vs available later vs available subject to government review
Today: GPT-5.5 with Trusted Access for Cyber. Apply, get verified, deploy. The first-mover advantage on production defender tooling sits with this tier. If your team’s Q3 deliverable depends on shipping a working AI-augmented capability — a faster vulnerability triage workflow, a 24/7 detection-engineering assistant, a patch-validation pipeline — this is the path that returns value in this quarter.
Later (90-180 days): Claude Mythos via Project Glasswing partnership, or its eventual public successor. Anthropic’s pattern with prior frontier models suggests Mythos GA will follow a similar arc to Claude 4 — broad release after several months of partner deployment and red-team review. Teams that need Mythos-tier capability today are functionally limited to the Glasswing membership path, which is a longer procurement cycle.
Subject to government review: Whatever the EO formalizes. If your team operates in regulated industries — financial services, healthcare, critical infrastructure, government contracting — pre-EO procurement decisions may need to be revisited under the EO’s vetting framework. The White House’s “FDA-like” framing implies that AI tools used for cybersecurity may need formal certification before deployment in certain contexts. The cost of a wrong-direction Q3 commitment goes up if the EO mandates re-evaluation.
Axis 2: Permissiveness profile
GPT-5.5-Cyber: explicitly tuned for defender-permissive workflows. OpenAI’s tuning lowers refusal rates on vulnerability identification, malware analysis, binary reverse engineering, detection engineering, and patch validation. Authorized red teaming, pen testing, and controlled validation are explicitly named. Offensive use stays blocked even for verified defenders.
Claude Mythos: general-purpose, with extreme cyber capability. Mythos is not defender-tuned. It’s a general frontier model that happens to be very good at finding vulnerabilities. The capability ceiling is higher than GPT-5.5-Cyber’s, but the friction surface for defender workflows is also higher — it doesn’t have a “permissive cyber” tuning toggle.
The EO would add a third profile: vetted-permissive. A model would only be deployable for permissive cyber workflows after passing pre-deployment evaluation. Both OpenAI and Anthropic are already participating in CAISI evaluations voluntarily; the EO would likely formalize this into a deployment requirement.
Axis 3: Procurement and audit posture
Trusted Access framework: identity verification, organizational attestation, Advanced Account Security from June 1. Good fit for SOC 2, ISO 27001, FedRAMP shops — the controls map cleanly to existing audit families. The framework’s per-user verification creates an audit trail you’ll be glad you have when CISA or an auditor asks who used the cyber-permissive model and for what.
Project Glasswing partnership: custom contract, deeper data-handling diligence, longer cycle. The participating list reads like a who’s-who of enterprise security: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks. If you’re at a Fortune 500 with an existing Anthropic relationship, this path is open. If you’re at a 200-person SOC, it’s not — yet.
The EO would add a layer of pre-deployment government evaluation. That may simplify some compliance angles (a vetted model is presumptively defensible to a regulator) while extending procurement timelines (the eval has to complete before deployment).
The 5 “apply this week” patterns by team profile
1. Internal red team with Trusted Access ready
If your red team has clean identity controls, an authorized engagement model, and an audit-trail capture pipeline already in place — apply for GPT-5.5-Cyber’s higher tier this week. The latency from application to access at OpenAI’s published cadence is short. Run a 30-day pilot on the next sanctioned engagement. Document refusal rates against your engagement scope.
2. Vulnerability research lab with Anthropic relationship
If your lab already has direct Anthropic engagement — a research preview, a Project Glasswing membership, a Bug Bounty partnership — request Mythos access through that channel. GPT-5.5-Cyber as a stop-gap is fine for the gap between today and Mythos availability. The two-model approach (GPT-5.5-Cyber for permissive workflow, Mythos for capability ceiling) is what the largest research labs will run.
3. Detection-engineering or SIEM-tuning shop
Apply for GPT-5.5 with Trusted Access (the broader tier, not the specialized -Cyber variant). The detection-engineering and patch-validation use cases are exactly the workflows OpenAI built this for, and the broader tier has more room for the multi-team rollout most SIEM shops need. Mythos’ incremental capability over GPT-5.5 is less material here than it is in vulnerability research.
4. Pen-test consultancy with multi-client trust requirements
GPT-5.5-Cyber plus per-engagement audit-trail capture. Your business model is permission-bounded by your client’s authorization scope; the Trusted Access framework’s identity verification helps you defensibly attest that your usage stayed within scope. Build per-engagement separation into your AI usage logging. Mythos via Glasswing is unlikely to be a clean fit for a multi-client consultancy until Anthropic publishes multi-tenant guarantees.
5. Regulated-industry SOC (financial, healthcare, critical infrastructure)
Hold for the EO. Pre-EO procurement is a real option, but it will likely need to be revisited under the vetting framework. The risk of a wrong-direction commitment is high; the cost of waiting another 60-90 days for EO clarity is low. Use the wait period to: build the pre-deployment evaluation capability internally, draft the procurement framework that maps to a likely-FDA-like vetting requirement, and run pilot conversations with both OpenAI and Anthropic so you’re not starting from zero when the framework lands.
The 1 “do not deploy” anti-pattern
Using a cyber-permissive model on a stack that has not enforced input attribution, per-user audit trail, and per-tool-call permission scoping.
The Trusted Access framework presumes you have these. If you don’t, the lower-refusal posture creates audit-trail gaps that will surface in your next SOC 2 audit, your next CISA review, your next post-incident forensics. The model is permissive for verified defenders — the verification is at the deployment layer, not just the OpenAI account layer. If your SOC’s analyst can use the cyber-permissive model under a shared service account with no per-user trace, you’ve accidentally created a privilege-escalation path inside your own tooling.
The fix before deployment: every cyber-permissive model call has to log the calling identity, the tool/scope, the prompt, the response, and the engagement context. Many organizations will need to wire this in deliberately. That work has to happen before the first call, not after the first incident.
The 4 signals to watch for the next 30 days
The White House EO’s formal release. Hassett said any day this month. The text will determine whether “vetting” is FDA-style (formal pre-market approval) or NIST-style (voluntary frameworks with safe-harbor incentives). The two have very different procurement implications.
Anthropic Mythos GA timeline disclosure. When Anthropic publishes a date, the cybersecurity industry’s planning horizon shifts. Until then, the “wait for Mythos” path is open-ended.
OpenAI Trusted Access first-week refusal-rate disclosure. OpenAI will likely publish refusal-rate data once the rollout has 30+ days of usage. That’s the empirical signal on whether GPT-5.5-Cyber’s permissiveness is meaningfully different from GPT-5.5’s, or whether it’s mostly a marketing distinction.
CAISI evaluation report publications. The pre-deployment evaluations of Google DeepMind, Microsoft, and xAI under the new agreements will generate published assessments. Those assessments will give you real third-party signal on each model’s cyber capability — independent of vendor claims.
What this can’t fix
It can’t replace your defender training pipeline. A cyber-permissive model in the hands of a junior analyst without supervision is a faster way to make mistakes, not a safer one. The hiring and training plan precedes the tool.
It can’t substitute for proper engagement scoping. A penetration test with the wrong scope of authorization is still illegal even if the AI helped scope it. The model doesn’t know what you’re authorized to test; only your engagement letter does.
It can’t decide policy for you. If your organization has not decided whether to allow AI tools on cybersecurity work — for data-residency reasons, for export-control reasons, for insurance reasons — no amount of capability comparison resolves that. The policy decision precedes the capability decision.
It can’t predict regulator behavior. The EO is drafted, not signed. Treating any current procurement decision as definitive is a risk. Build for revisitability.
The bottom line
Three product paths and one regulatory wave converge in Q3. GPT-5.5 with Trusted Access for Cyber is the deployable-today choice for most defender teams; GPT-5.5-Cyber is the higher-permissiveness variant for verified red teams; Claude Mythos via Project Glasswing is the capability-ceiling path for the largest research labs; the White House EO may reshape all of it in the next 60-90 days.
For most teams: apply for Trusted Access this week, harden your audit trail before the first cyber-permissive prompt, and treat any procurement commitment as revisitable until the EO text lands. For regulated-industry SOCs: wait for the EO, use the wait to build pre-deployment evaluation capability internally.
For board-prep this quarter: the right exhibit is a 1-pager covering supply-chain, audit-trail, and EO-readiness for your team’s chosen path. Frame it as “we have a defensible answer for whichever shape the EO takes” rather than “we picked the right vendor.” The vendors will move; the audit posture is what carries.
If you want to go deeper on the operational side — building the audit trail, scoping authorization correctly, hardening the SOC against the new permissiveness profile — our AI agent security course walks through the production-readiness pattern.
Sources
- Scaling Trusted Access for Cyber with GPT-5.5 and GPT-5.5-Cyber — OpenAI
- Trusted access for the next era of cyber defense — OpenAI
- OpenAI tunes GPT-5.5-Cyber for more permissive security workflows — Help Net Security
- OpenAI makes GPT-5.5 more widely available to cyber defenders — Axios
- Claude Mythos Preview — red.anthropic.com
- Anthropic — Project Glasswing
- Anthropic’s Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems — The Hacker News
- Anthropic’s Mythos Has Landed: Here’s What Comes Next for Cyber — Dark Reading
- White House Prepares Order to Boost AI Security, Hassett Says — Bloomberg
- Hassett: White House may review AI models ’like an FDA drug’ — The Hill
- WH ‘studying’ AI security executive order — Federal News Network
