OpenAI widens GPT-5.5 availability for cyber defenders, pitting the model against rival Mythos as AI-powered cyberattacks grow more frequent and costly.
OpenAI announced this week it is significantly expanding access to its GPT-5.5 large language model for verified cybersecurity professionals, managed security service providers (MSSPs), and enterprise defense teams, ending a three-month limited beta period that restricted use to a small group of vetted partners. The move makes the system, which industry analysts have framed as a direct rival to the Mythos enterprise AI model, available to thousands of additional defensive security teams globally.
OpenAI CEO Sam Altman discussed the company's enterprise security roadmap during March's BlackRock Infrastructure Summit, noting at the time that GPT-5.5's defensive capabilities would be prioritized for partners working to counter AI-driven threats. The expanded access builds on that roadmap, with OpenAI confirming that all verified cyber defense organizations can now apply for access through the company's Enterprise Access Portal. Verification requires proof of employment at a security-focused organization, a valid industry certification such as CISSP or CEH, and agreement to OpenAI's updated terms of service that prohibit offensive use of the model.
Market data underscores the urgency of this expansion. IBM's 2026 Cost of a Data Breach Report found the global average cost of a single data breach has risen to $5.1 million, a 14% increase from 2024, with 62% of breaches now involving some form of AI-generated attack content. Phishing campaigns using AI to generate personalized, grammatically flawless messages have seen a 217% increase in volume since the start of 2025, per data from threat intelligence firm Recorded Future, while AI-generated malware that evades traditional signature-based detection has been identified in 18% of all ransomware attacks tracked in Q1 2026.
The AI cybersecurity market, valued at $18.2 billion in 2025, is projected to grow at a 28.4% compound annual growth rate through 2030, per Grand View Research. Enterprises are allocating an average of 12% of their annual security budgets to AI tools in 2026, up from 4% in 2023, as defensive teams struggle to keep pace with attackers who can generate thousands of unique malicious payloads in minutes using off-the-shelf LLMs.
Early data from the GPT-5.5 beta program highlights the model's defensive utility. Participating MSSPs reported that GPT-5.5 reduces the time required to analyze phishing campaigns by 73%, compared to 41% for previous GPT-4 class models, by automatically parsing malicious code, identifying attacker infrastructure, and generating remediation playbooks. For incident response teams, the model cuts the mean time to contain a breach by 58%, per OpenAI's internal metrics, by cross-referencing attack patterns with a proprietary database of 12 million historical security incidents updated daily.
OpenAI has implemented strict guardrails for GPT-5.5's cyber defense use case. The model is fine-tuned on 4.7 petabytes of security-specific data, including malware samples, phishing templates, and attack logs, but it is explicitly trained to refuse requests to generate exploit code, phishing content, or other malicious material. OpenAI says it uses real-time inference monitoring to detect policy violations, with automated account suspension for users who attempt to bypass guardrails, and human review of all flagged activity within 24 hours.
Competition between AI security model providers is heating up. Mythos, launched in February 2026, has already secured contracts with 12% of Fortune 500 security teams, per a March 2026 analysis from Gartner, making it the first major competitor to OpenAI's enterprise security offerings. Gartner's 2026 Security and Risk Management Roadmap projects that 65% of large enterprises will use AI-powered security tools by the end of 2027, up from 29% in 2025, creating a multi-billion dollar addressable market for models like GPT-5.5 and Mythos. Unlike Mythos, which offers a general-purpose enterprise AI with optional security add-ons, GPT-5.5 is purpose-built for defensive security use cases, a distinction OpenAI is leaning into in marketing materials.
Financially, the expansion is expected to boost OpenAI's enterprise revenue, which hit $3.2 billion in Q1 2026, up 47% year-over-year. Security-focused subscriptions accounted for 18% of that total in Q1, a figure OpenAI CFO Sarah Friar said the company expects to rise to 25% by the end of 2026 as GPT-5.5 access scales. Pricing for GPT-5.5 cyber defense tiers is set at $0.12 per 1,000 input tokens, a 15% premium over GPT-4.5 enterprise pricing, reflecting the model's specialized training and higher inference costs. OpenAI also offers volume discounts for MSSPs and enterprise teams with more than 1,000 users, with per-token costs dropping to $0.08 for the largest customers.
OpenAI outlined a roadmap for further GPT-5.5 security updates in a blog post accompanying the access expansion. The company will release a specialized fine-tuned version for industrial control system (ICS) security teams in Q3 2026, targeting the energy, manufacturing, and utilities sectors, which face a 32% higher rate of targeted attacks than other industries, per the Department of Homeland Security's 2025 Cybersecurity Yearbook. A separate version for cloud security teams, with integrations for AWS, Azure, and Google Cloud Platform, is scheduled for Q4 2026, and OpenAI says it is working with the Cybersecurity and Infrastructure Security Agency (CISA) to develop a public sector version for federal defense teams by early 2027.
The expansion comes as regulators begin to scrutinize the use of AI in cybersecurity. The European Union's AI Act, which went into effect in January 2026, classifies AI security tools as high-risk systems, requiring providers to conduct third-party audits and report serious incidents to regulators within 72 hours. OpenAI confirmed that GPT-5.5 has passed initial audits from EU-recognized testing bodies, and the company says it will publish a transparency report detailing the model's security performance and policy violation rates by the end of Q2 2026.
Comments
Please log in or register to join the discussion