OpenAI releases "AI specialized for finding vulnerabilities," rubbing Claude's face in the dirt.

OpenAI yesterday released a cybersecurity-specific model, GPT-5.5-Cyber, achieving a score of 85.6% in the CyberGym vulnerability detection benchmark, surpassing Claude Mythos 5's 83.8%. This is a precise strike aimed at Anthropic.
OpenAI Releases "AI Dedicated to Finding Vulnerabilities," Rubbing Claude into the Ground
Yesterday (June 22), OpenAI announced an expansion of the Daybreak cybersecurity project, officially opening full access to GPT-5.5-Cyber for vetted security defense teams.
This model does one thing only: find vulnerabilities, verify vulnerabilities, and fix vulnerabilities.
In the CyberGym benchmark test, GPT-5.5-Cyber scored 85.6%, setting a new record for the highest score achieved by a single model. By comparison, Claude Mythos 5 scored 83.8%, and the general-purpose GPT-5.5 scored 81.8%.
The difference isn’t huge, but in security, 1.8 percentage points can mean the difference between “finding that 0day before the attacker” or not.

1. Not Just "Better at Finding Vulnerabilities"—The Entire Workflow is Faster
The cybersecurity community has had a consensus over the past two years: AI has accelerated vulnerability discovery, but patching speed hasn’t kept up.
The pain point used to be “can’t find it,” now it’s “found it but can’t finish fixing it.” A medium-sized company’s security team might receive hundreds of vulnerability reports per week—assessing impact, writing patches, running tests, releasing fixes—this chain still relies on manual effort.
GPT-5.5-Cyber is aimed precisely at this stage.
According to OpenAI, the model has been specially optimized for three scenarios:
1. Vulnerability Identification and Prioritization
When general-purpose models handle security tasks, their built-in safety mechanisms tend to be “overly cautious.” For example, if you ask GPT-5.5 to analyze code that may have SQL injection, it might first give you a lecture on “what is SQL injection,” then carefully say “this code has potential risks.”
GPT-5.5-Cyber instead tells you straight away: this is a variant of CVE such-and-such, its impact range, and patch priority recommendation (e.g. priority level P#).
This difference is transformative for security teams. They don’t need AI as a teacher—they need a teammate who can fight alongside them.
2. Patch Verification
Writing patches is easy; verifying patches is hard.
A vulnerability may have more than a dozen exploitation paths; you fix one, but nine others remain open. Traditionally, proof-of-concept (PoC) scripts are written manually to test each path—time-consuming and prone to oversight.
GPT-5.5-Cyber can automatically generate PoCs for multiple exploitation paths, verifying whether the patch truly closes all doors.
3. Malware Analysis
This scenario demands the most from the model. Malware often uses obfuscation, packing, and anti-debugging techniques—static analysis reveals little.
According to ExploitGym test results, GPT-5.5-Cyber scored 39.5% on the task of “turning known vulnerabilities into executable attack code,” while the general-purpose GPT-5.5 scored only 25.95%.
That’s an increase of over 50%.
This means the model not only understands vulnerability principles—it can “think like an attacker,” knowing how a vulnerability can actually be used and how easy it is to exploit.
2. Head-to-Head with Claude Mythos
Observers can tell this release timing was no coincidence.
A month ago, Anthropic released the Claude Mythos Preview, optimized for cybersecurity scenarios as part of its Project Glasswing initiative. That release attracted significant attention—Fed Chair Powell and Treasury Secretary Besent convened CEOs of major Wall Street banks to discuss the model’s impact on the financial system.
Vice President Vance even had a conference call with tech giants’ CEOs.
When an AI model makes so many top leaders nervous, it means it has indeed demonstrated capabilities that are unsettling.
OpenAI clearly doesn't want to hand over the "AI security expert" racetrack to Anthropic. GPT-5.5-Cyber’s release is a precise strategic counterattack.
From the test results, OpenAI has indeed regained some ground:
| Model | CyberGym | ExploitGym | SEC-bench Pro | |-------|----------|------------|---------------| | GPT-5.5-Cyber | 85.6% | 39.5% | 69.8% | | Claude Mythos 5 | 83.8% | - | - | | GPT-5.5 (general-purpose) | 81.8% | 25.95% | 63.1% |
(Note: Public scores for Claude Mythos 5 on ExploitGym and SEC-bench Pro are currently unavailable.)
But scores are only part of the story. Ecosystem and distribution capabilities matter more.
Anthropic’s Mythos is currently available only to select enterprises—an “elite route.” OpenAI’s Daybreak project is somewhat more open—any security team can apply to join the Trusted Access for Cyber program, and once vetted, get access.
For most enterprise security teams, whether they can actually use it matters more than who’s stronger.
3. Technical Details: What’s Different in the Cyber Version?
Based on public information, GPT-5.5-Cyber differs from the general-purpose GPT-5.5 mainly in three areas:
Looser Restrictions on Security Tasks
The general GPT-5.5 has many “guardrails” to prevent it from being turned into an attack tool. For instance, asking it “how to write a SQL injection payload” would likely result in refusal.
For legitimate security researchers, these guardrails are obstacles. They need the model to “think like an attacker” to better defend.
GPT-5.5-Cyber, after targeted training, relaxes these restrictions—but only for vetted users, and only in specific contexts.
This is a delicate balance. OpenAI must make the model “dangerous enough” to be useful, yet prevent it from becoming a script kiddie weapon.
Domain-Specific Fine-Tuning in Security
From SEC-bench Pro scores, it can be inferred that GPT-5.5-Cyber has been additionally trained on:
- Large amounts of CVE database entries and their associated technical analyses
- Penetration test reports and red team exercise records
- Security research papers and exploit code repositories
- Patch submission records and code review feedback
SEC-bench Pro tests “long-term vulnerability discovery and proof-of-concept generation capabilities on complex software targets.” GPT-5.5-Cyber’s score exceeds the general version by 6.7 percentage points, suggesting a clear advantage in understanding real-world software architectures.
Strengthened Agent Capabilities
OpenAI’s blog notes GPT-5.5-Cyber can “perform penetration testing and vulnerability verification on authorized real-world targets.”
This means it’s not just a Q&A bot—it can act as an agent to autonomously execute multi-step tasks:
- Scan target system
- Identify potential vulnerabilities
- Generate exploit code
- Verify vulnerability is real
- Assess impact scope
- Generate remediation advice
The entire chain can be automated, with humans making decisions at key points.
4. Who Can Use It? How?
This is not a consumer-facing product.
To gain access to GPT-5.5-Cyber, you must:
-
Apply to join the Trusted Access for Cyber program: OpenAI will verify your identity and purpose, ensuring you are a legitimate security researcher or corporate security team member.
-
Complete account security upgrades: Before June 1, install advanced security protections on your ChatGPT account (this deadline may have passed—check the latest requirements in official documentation).
-
Agree to usage terms: Including not using the model to attack unauthorized targets and not sharing access credentials.
Once approved, you can call GPT-5.5-Cyber via API.
For developers in China, direct access to the OpenAI API may face network issues. If your team needs to use the model, consider calling it through an API aggregation platform like OpenAI Hub—it’s compatible with OpenAI’s format, connects directly domestically, and avoids networking hassles.
The call method is identical to the standard OpenAI API:
import openai
client = openai.OpenAI(
api_key="Your OpenAI Hub API Key",
base_url="https://api.openai-hub.com/v1"
)
response = client.chat.completions.create(
model="gpt-5.5-cyber", # Model name depends on OpenAI Hub's actual support
messages=[
{
"role": "system",
"content": "You are a professional security researcher helping to analyze potential vulnerabilities in code."
},
{
"role": "user",
"content": """Analyze the security risks in the following code:
def get_user(user_id):
query = f"SELECT * FROM users WHERE id = {user_id}"
return db.execute(query)
"""
}
]
)
print(response.choices[0].message.content)
5. What Does This Mean for the Security Industry?
In the long term, AI is reshaping the offensive-defensive dynamics of the entire cybersecurity industry.
Attack Threshold is Lowering
Previously, launching a complex cyberattack required deep technical skill and much time. Now, someone with a shallow understanding of security can, with AI tools, generate fairly professional attack code.
This is no exaggeration. ExploitGym essentially tests “whether AI can turn vulnerability information into executable attacks”—GPT-5.5-Cyber’s 39.5% score means it already has considerable exploit code generation ability.
Defense Efficiency is Improving
The good news is defenders also benefit.
A security team equipped with GPT-5.5-Cyber can complete vulnerability analysis in minutes that previously required days. Patch verification shifts from manual testing to automated pipelines. Malware analysis shifts from “guessing intent from code” to “asking AI what this thing is trying to do.”
Efficiency gains are orders of magnitude.
But the Tech Gap May Widen
The issue is these powerful tools aren’t accessible to everyone.
OpenAI and Anthropic both employ strict access controls, limiting use to vetted teams. This means well-resourced large enterprises and national security agencies can use the most advanced defensive tools, while small businesses and organizations in less developed areas make do with general models.
The Matthew Effect in security may intensify.
Regulatory Pressure is Increasing
This also explains why the U.S. government is paying such close attention.
When an AI model can automatically find vulnerabilities, generate exploit code, and even autonomously conduct penetration tests, it ceases to be just software—it becomes a “capability” that must be governed.
Before releasing GPT-5.5-Cyber, OpenAI gave demonstrations to the White House, Department of Commerce, and congressional committees. This is not just PR—it’s groundwork for future regulatory cooperation.
We can expect dedicated regulation for AI security tools soon.
6. Looking Calmly: What Does 85.6% Mean?
Finally, here’s an often overlooked point.
An 85.6% CyberGym score is indeed the highest so far—but it also means there’s 14.4% of vulnerabilities it cannot find.
In cybersecurity, this 14.4% may be the most dangerous part—those hidden, unconventional vulnerabilities requiring deep contextual understanding.
AI is a powerful assistant, but it cannot replace the intuition and judgment of experienced security experts.
The best current model is human-machine collaboration: AI handles massive scanning and routine tasks; human experts make the final calls and tackle edge cases AI cannot manage.
Treat AI as a “super intern,” not a “reason to slack off”—this mindset is critical.
The release of GPT-5.5-Cyber marks a key step in moving AI security tools from “experimental” to “productivity tools.” The competition between OpenAI and Anthropic ultimately benefits the entire security industry.
But don’t forget—attackers are evolving with the same technology. This AI-driven offensive-defensive escalation has only just begun.
References
- ITHome: GPT-5.5-Cyber surpasses Claude Mythos 5 in scores, sets new CyberGym record - Detailed report on GPT-5.5-Cyber’s scores in various benchmarks
- Zhihu column: OpenAI releases limited preview of GPT-5.5-Cyber to cybersecurity teams - Analysis of the model’s positioning and competition with Anthropic



