OpenAI said on May 11 that it will give European organizations direct access to its most capable cybersecurity models through a new EU Cyber Action Plan, extending its "Trusted Access for Cyber" program across the bloc for the first time.
The plan covers European businesses, governments, national cyber authorities and EU institutions — including the EU AI Office — and grants vetted users access to both GPT-5.5 and the security-tuned variant GPT-5.5-Cyber, which OpenAI began rolling out to a limited set of cybersecurity teams the previous week.
A gated route into frontier cyber AI
Rather than a public release, the program is built around controlled access. OpenAI says participating organizations must clear identity verification, accept approved-use scoping, and adopt its Advanced Account Security requirements, which take effect June 1, 2026. The company describes safeguards aimed at preventing the models from being turned toward credential theft, malware deployment, stealth, persistence and exploitation of third-party systems — the capabilities that make a strong cyber model dual-use in the first place.
"Today, we are bringing to Europe unprecedented cyber defense capabilities that have not been available in the region until now," said Martin Signoux, an AI policy lead at OpenAI. According to CNBC, George Osborne — the former UK chancellor who now heads OpenAI for Countries — framed the move as a democratization play, saying "AI labs like ours shouldn't be the sole arbiters of cyber safety" and that "the latest cyber AI capabilities should be available for Europe's many defenders, not just the few."
On OpenAI's own CyberGym benchmark, the company reports GPT-5.5-Cyber scoring 81.9%, GPT-5.5 at 81.8% and the earlier GPT-5.4 at 79.0%, with Anthropic's Claude Opus 4.7 at 73.1% — figures that, like all vendor-run evaluations, should be read with the usual caution.
The Mythos contrast
The announcement lands against an awkward backdrop for Anthropic. Its cyber-focused Mythos model, released roughly a month earlier, was restricted to about 40 major technology players so that vulnerabilities surfaced by the model could be patched before attackers used them. The European Commission has had several meetings with Anthropic but, officials say, still has no arrangement to review Mythos — talks described as being at a "different stage" than the deal now on the table with OpenAI. The Commission publicly welcomed OpenAI's offer.
Why it matters
The move slots into a broader 2026 pattern of governments seeking pre-deployment or privileged access to frontier models, from the US Center for AI Standards and Innovation to national AI safety institutes. For OpenAI, offering Europe a structured channel — complete with the EU AI Office — is also a positioning win at a moment when Anthropic is fighting on multiple regulatory fronts. For Europe's defenders, the harder question is whether gated access to a near-state-of-the-art offensive-capable model genuinely tilts the balance toward defense, or simply narrows the window before those capabilities leak outward anyway.
