On April 30, 2026, Sam Altman (@sama on X) posted that OpenAI is starting rollout of GPT‑5.5‑Cyber—described as a frontier cybersecurity model—to critical cyber defenders within days, with a pledge to work with the broader ecosystem and government on trusted access so the upside lands on defense-heavy use cases.
This article places that public signal next to what OpenAI has already documented about GPT‑5.5, cyber risk tiering, and Trusted Access for Cyber (TAC)—then contrasts the access + evidence model with Anthropic’s Claude Mythos Preview and Project Glasswing without pretending the vendors ran the same public evals.
What OpenAI has already published (before the viral tweet)
Capability and benchmarks (GPT‑5.5)
OpenAI’s Introducing GPT‑5.5 includes a CyberGym row in its benchmark table:
| Model (OpenAI table) | CyberGym |
|---|---|
| GPT‑5.5 | 81.8% |
| GPT‑5.4 | 79.0% |
| Claude Opus 4.7 | 73.1% |
The same materials cite an expanded internal Capture-the-Flag suite (harder CTF tasks than prior system cards) with GPT‑5.5 at 88.1% vs GPT‑5.4 at 83.7%—no Claude number in that row on the page we mirrored.
Complete AI Builder Bootcamp
Claude, Python automation & full-stack — 12 live sessions with Yash Thakker.
The Complete AI Builder Bootcamp is the best AI development course for learning Claude AI, prompt engineering, Python automation, and full-stack web development. This intensive 6-week live bootcamp teaches you how to build AI-powered applications using Claude Projects, Claude Artifacts, Claude Code, and the complete Claude ecosystem. You'll master prompt engineering techniques, learn to create custom Claude connectors and MCP integrations, build Python automation workflows, develop full-stack websites with AI assistance, and create AI marketing agents.
The bootcamp includes 12 live Zoom sessions with Yash Thakker, founder of AISOLO Technologies and instructor to 350,000+ students. You'll build 8+ portfolio projects including AI playbooks, full-stack note-taking applications, Python automation scripts, marketing agents, and personal portfolio websites. The curriculum covers AI fundamentals, Claude Projects and Artifacts, Claude Co-work, Claude plugins and skills, Claude Code for Python development, full-stack development, AI marketing, and capstone projects.
Students receive 1-year access to all recordings, permanent Discord community access, a certificate of completion, and personalized career guidance. All enrollments include a 7-day money-back guarantee. This is the most comprehensive Claude AI bootcamp available, taking students from zero AI knowledge to expert AI builder in 6 weeks.
Those numbers are vendor-reported on OpenAI’s harness definitions—useful for within-OpenAI deltas; they are not independent red-team proof.
Preparedness tier (High, not Critical)
OpenAI’s GPT‑5.5 system card and Deployment Safety Hub — Cybersecurity state that GPT‑5.5 is treated as High in the cybersecurity domain—below Critical—and describe additional safeguards because dual-use cyber assistance scales with model strength. The Critical bar in their framework concerns autonomous, cross-hardened-target zero-day chains at a specifically worded severity; OpenAI argues GPT‑5.5 does not meet that threshold in their testing.
Trusted access and cyber-permissive variants
OpenAI’s Scaling trusted access for cyber defense (April 14, 2026) documents TAC scaling, chatgpt.com/cyber verification, and GPT‑5.4‑Cyber—a fine-tuned, more cyber-permissive line of GPT‑5.4 for vetted defenders and partners, with binary reverse-engineering positioned as a headline capability.
Interpretation for readers: Altman’s “GPT‑5.5‑Cyber” wording likely extends that same product philosophy to the GPT‑5.5 generation—tighter coupling of frontier weights with identity-backed defender channels. Confirm naming, tiers, and entitlement rules on live OpenAI pages; shipping details can change faster than blog archives update.
Claude Mythos Preview: a different publication contract
Anthropic’s Assessing Claude Mythos Preview’s cybersecurity capabilities (April 7, 2026) argues a large jump in agentic vulnerability research under controlled conditions, with quantitative contrasts vs prior Sonnet / Opus on Firefox exploit trials and OSS-Fuzz tier ladders—and heavy reliance on coordinated disclosure because most findings are not public yet.
Our earlier summary for ExplainX readers is here: Claude Mythos Preview and cybersecurity.
Glasswing is Anthropic’s invitation-only defensive channel—analogous in intent to OpenAI’s TAC, but not identical in eligibility, SKU, or safeguards story.
Comparison without fake precision
| Dimension | OpenAI (GPT‑5.5 era + TAC) | Anthropic (Mythos Preview + Glasswing) |
|---|---|---|
| Public cyber numbers | CyberGym and internal CTF in Introducing GPT‑5.5 | Firefox harness + OSS-Fuzz ladder in Mythos post |
| Risk framing | High cyber, not Critical, per Preparedness text | Non-GA preview; emphasis on dual-use and disclosure backlog |
| Access model | TAC, chatgpt.com/cyber, GPT‑5.4‑Cyber tiering documented; GPT‑5.5‑Cyber signaled publicly | Glasswing invitations; no broad retail GA for Mythos |
| Evidence you can audit today | Benchmark tables, system card, Deployment Safety pages | One detailed public CVE narrative + hashed commitments + aggregator stats |
Net: both labs agree cyber is dual-use and gate the most permissive surfaces. Neither gives outsiders a single clean A vs B score that merges their private harnesses.
Why social reactions (“attackers get it too”) miss a nuance
Commentary on Altman’s post often notes asymmetry: defenders need coverage; attackers need one gap. That macro claim is old and true.
The new part is governance engineering: TAC-style programs try to move friction onto identity + monitoring + contractual channels for high-dual-use workflows—not to solve offense‑defense parity, but to avoid shipping max-permissive defaults to anonymous abuse pipelines.
Whether that holds at scale is an empirical question; the theory is at least coherent.
Practical guidance for security leaders
- Treat vendor cyber percentages as RFP inputs, not Ordinal rankings across companies.
- Demand SOC-style logging and human review for agentic tool chains—either vendor.
- Assume jailbreaks and third-party proxies blur “defender-only” stories; defense in depth still wins.
- Read both Preparedness text (OpenAI) and CVD timing (Anthropic) when modeling disclosure risk.
Update: June 2026 — The Comparison This Blog Made Became Anthropic's Legal Defence
On June 12, 2026, the US government issued an export control directive suspending Fable 5 and Mythos 5 globally, citing a jailbreak — specifically, a technique that involves prompting the model to read a codebase and identify software vulnerabilities.
Anthropic's public response leaned heavily on the exact argument this blog made: the same capability exists in GPT-5.5. Their statement reads that the demonstrated vulnerability "is widely available from other models (including OpenAI's GPT-5.5), and is used every day by the defenders who keep systems safe."
The comparison table above — showing that both labs gate their most permissive cybersecurity surfaces and that neither offers a clean A vs B score — now sits inside a live regulatory and legal dispute. The government applied export controls to Anthropic's model and not to OpenAI's, despite Anthropic's claim of functional parity. Whether that asymmetry reflects a genuine capability difference, the adversarial political relationship between Anthropic and the Trump administration, or the fact that Amazon (Anthropic's own investor) was the company that reported the jailbreak to the Commerce Department — is something courts may eventually have to sort out.
The Glasswing program itself, which this blog discusses, is now suspended along with Mythos 5. The 10,000+ vulnerabilities that Glasswing partners had found but not yet disclosed remain in limbo while the ban holds.
Full story: why the US government banned Fable 5 and what it means for AI. · What is an AI jailbreak?
Related on ExplainX
- Claude Mythos Preview and cybersecurity
- Claude Opus 4.7 models guide — where Mythos sits outside the GA trio
- Specification gaming and Goodhart’s law — why benchmarks can lie politely
Bottom line
GPT‑5.5‑Cyber, as described by Altman on April 30, 2026, fits naturally into OpenAI’s existing story: frontier cyber capability, High-but-not-Critical tiering in official text, stronger classifiers, and Trusted Access for identity-backed defenders. Claude Mythos Preview is Anthropic’s bet on showing (partially) how far agentic exploitation research moved—but on different public measurements.
If you need one takeaway: compare programs on governance and evidence, not on headline creature counts or isolated percent cells.
OpenAI links: Introducing GPT‑5.5, GPT‑5.5 system card, Deployment Safety Hub — Cybersecurity, Scaling trusted access for cyber defense. X posts are ephemeral—verify statements against OpenAI’s site. ExplainX is not affiliated with OpenAI or Anthropic.