OpenAI to give EU access to new cyber model; Anthropic keeps Mythos closed

OpenAI announced a limited preview of its cybersecurity-focused variant, GPT-5.5-Cyber, for vetted defenders and said it is engaging to provide access pathways for European institutions, while Anthropic continues to restrict access to its Mythos Preview.

According to the company, GPT-5.5-Cyber is tuned to be more permissive for legitimate defensive workflows—vulnerability discovery, triage, patch validation and malware analysis—than the broadly available GPT-5.5 release. Access will be managed through OpenAI’s Trusted Access for Cyber (TAC) program with tiered controls, identity requirements and auditing for higher permission lanes.

Anthropic’s approach has remained more cautious: Mythos Preview access is limited to a handpicked set of technology and security firms and has not been broadly extended to European regulators or companies, prompting concerns among EU officials about preparedness and defensive parity. That divergence has drawn attention from European finance and regulatory circles seeking broader access so critical infrastructure defenders are not left behind.

Market and sector implications are immediate for enterprise security teams and vendors. A more widely available, vetted cyber model could accelerate remediation cycles and threat hunting, but it also raises operational governance and liability questions. Conversely, tightly restricted models aim to reduce misuse risk but can leave regions or sectors without the same defensive tooling. These trade-offs influence procurement, insurance and incident response planning across industries.

Analysts expect regulatory scrutiny and coordination to intensify: companies will need clear compliance and audit trails for elevated model access, and governments are likely to press for frameworks that balance defensive utility with abuse prevention. The coming months should show whether broader vetted access (as OpenAI proposes) or highly controlled previews (as Anthropic practices) become the industry norm, shaped by policy choices and real-world security outcomes.