GPT-5.5-Cyber rollout: OpenAI’s defender track vs Claude Mythos—what the record actually compares
Sam Altman signaled GPT-5.5-Cyber rolling out to critical cyber defenders; OpenAI’s docs already frame GPT-5.5 as High (not Critical) for cyber, CyberGym vs Opus 4.7 numbers, and Trusted Access for Cyber. How that lines up with Anthropic’s Mythos Preview and Glasswing—without pretend head-to-head benchmarks.
On April 30, 2026, Sam Altman (@sama on X) posted that OpenAI is starting rollout of GPT‑5.5‑Cyber—described as a frontier cybersecurity model—to critical cyber defenders within days, with a pledge to work with the broader ecosystem and government on trusted access so the upside lands on defense-heavy use cases.
This article places that public signal next to what OpenAI has already documented about GPT‑5.5, cyber risk tiering, and Trusted Access for Cyber (TAC)—then contrasts the access + evidence model with Anthropic’s Claude Mythos Preview and Project Glasswing without pretending the vendors ran the same public evals.
What OpenAI has already published (before the viral tweet)
Capability and benchmarks (GPT‑5.5)
OpenAI’s Introducing GPT‑5.5 includes a CyberGym row in its benchmark table:
The same materials cite an expanded internal Capture-the-Flag suite (harder CTF tasks than prior system cards) with GPT‑5.5 at 88.1% vs GPT‑5.4 at 83.7%—no Claude number in that row on the page we mirrored.
Those numbers are vendor-reported on OpenAI’s harness definitions—useful for within-OpenAI deltas; they are not independent red-team proof.
Preparedness tier (High, not Critical)
OpenAI’s GPT‑5.5 system card and Deployment Safety Hub — Cybersecurity state that GPT‑5.5 is treated as High in the cybersecurity domain—below Critical—and describe additional safeguards because dual-use cyber assistance scales with model strength. The Critical bar in their framework concerns autonomous, cross-hardened-target zero-day chains at a specifically worded severity; OpenAI argues GPT‑5.5 does not meet that threshold in their testing.
Trusted access and cyber-permissive variants
OpenAI’s Scaling trusted access for cyber defense (April 14, 2026) documents TAC scaling, chatgpt.com/cyber verification, and GPT‑5.4‑Cyber—a fine-tuned, more cyber-permissive line of GPT‑5.4 for vetted defenders and partners, with binary reverse-engineering positioned as a headline capability.
Interpretation for readers: Altman’s “GPT‑5.5‑Cyber” wording likely extends that same product philosophy to the GPT‑5.5 generation—tighter coupling of frontier weights with identity-backed defender channels. Confirm naming, tiers, and entitlement rules on live OpenAI pages; shipping details can change faster than blog archives update.
Claude Mythos Preview: a different publication contract
Anthropic’s Assessing Claude Mythos Preview’s cybersecurity capabilities (April 7, 2026) argues a large jump in agentic vulnerability research under controlled conditions, with quantitative contrasts vs prior Sonnet / Opus on Firefox exploit trials and OSS-Fuzz tier ladders—and heavy reliance on coordinated disclosure because most findings are not public yet.
Glasswing is Anthropic’s invitation-only defensive channel—analogous in intent to OpenAI’s TAC, but not identical in eligibility, SKU, or safeguards story.
Glasswing invitations; no broad retail GA for Mythos
Evidence you can audit today
Benchmark tables, system card, Deployment Safety pages
One detailed public CVE narrative + hashed commitments + aggregator stats
Net: both labs agree cyber is dual-use and gate the most permissive surfaces. Neither gives outsiders a single clean A vs B score that merges their private harnesses.
Why social reactions (“attackers get it too”) miss a nuance
Commentary on Altman’s post often notes asymmetry: defenders need coverage; attackers need one gap. That macro claim is old and true.
The new part is governance engineering: TAC-style programs try to move friction onto identity + monitoring + contractual channels for high-dual-use workflows—not to solve offense‑defense parity, but to avoid shipping max-permissive defaults to anonymous abuse pipelines.
Whether that holds at scale is an empirical question; the theory is at least coherent.
Practical guidance for security leaders
Treat vendor cyber percentages as RFP inputs, not Ordinal rankings across companies.
DemandSOC-style logging and human review for agentic tool chains—either vendor.
Assumejailbreaks and third-party proxiesblur “defender-only” stories; defense in depth still wins.
ReadbothPreparedness text (OpenAI) and CVD timing (Anthropic) when modeling disclosure risk.
Update: June 2026 — The Comparison This Blog Made Became Anthropic's Legal Defence
On June 12, 2026, the US government issued an export control directive suspending Fable 5 and Mythos 5 globally, citing a jailbreak — specifically, a technique that involves prompting the model to read a codebase and identify software vulnerabilities.
Anthropic's public response leaned heavily on the exact argument this blog made: the same capability exists in GPT-5.5. Their statement reads that the demonstrated vulnerability "is widely available from other models (including OpenAI's GPT-5.5), and is used every day by the defenders who keep systems safe."
The comparison table above — showing that both labs gate their most permissive cybersecurity surfaces and that neither offers a clean A vs B score — now sits inside a live regulatory and legal dispute. The government applied export controls to Anthropic's model and not to OpenAI's, despite Anthropic's claim of functional parity. Whether that asymmetry reflects a genuine capability difference, the adversarial political relationship between Anthropic and the Trump administration, or the fact that Amazon (Anthropic's own investor) was the company that reported the jailbreak to the Commerce Department — is something courts may eventually have to sort out.
The Glasswing program itself, which this blog discusses, is now suspended along with Mythos 5. The 10,000+ vulnerabilities that Glasswing partners had found but not yet disclosed remain in limbo while the ban holds.
GPT‑5.5‑Cyber, as described by Altman on April 30, 2026, fits naturally into OpenAI’s existing story: frontier cyber capability, High-but-not-Critical tiering in official text, stronger classifiers, and Trusted Access for identity-backed defenders. Claude Mythos Preview is Anthropic’s bet on showing (partially) how far agentic exploitation research moved—but on different public measurements.
If you need one takeaway: compare programs on governance and evidence, not on headline creature counts or isolatedpercent cells.