Scaling Trusted Access for Cyber with GPT‑5.5 and GPT‑5.5‑Cyber
How our latest models help each layer of the defensive ecosystem and accelerate the security flywheel.
For years we’ve been chronicling our work to accelerate cybersecurity defenders, as part of our broader work to build the core infrastructure for AI. Last week, we released our action plan Cybersecurity in the Intelligence Age, which lays out our vision for democratizing AI-powered defense. Two weeks ago, we released GPT‑5.5, our smartest and most intuitive model to date, which is already delivering powerful cybersecurity capabilities to developers and security teams through Trusted Access for Cyber (TAC).
Today, we are rolling out GPT‑5.5‑Cyber in limited preview to defenders responsible for securing critical infrastructure to support specialized cybersecurity workflows that help protect the broader ecosystem.
We are focused on providing proportional safeguards and access to empower cyber defenders to protect society, and our approach has been informed by conversations with cybersecurity and national security leaders across federal and state government and major commercial entities.
The cyber defense ecosystem is broad, and GPT‑5.5 and GPT‑5.5‑Cyber play different roles in meeting the needs of organizations and researchers across it, depending on the task, the setting, and the safeguards around how the model is used. For most teams, GPT‑5.5 with TAC is our strongest broadly useful model for legitimate defensive work, with strong safeguards against misuse.
In this post, we are sharing more details on how Trusted Access for Cyber works, how GPT‑5.5 and GPT‑5.5‑Cyber meet the varied needs of defenders across the ecosystem, and how different levels of access affect model outputs.
Trusted Access for Cyber is an identity and trust-based framework designed to help ensure enhanced cyber capabilities are being placed in the right hands. It is designed to make the cyber capabilities of GPT‑5.5 more useful for verified defenders working on defensive tasks, while continuing to restrict requests that could enable real-world harm.
When defenders are vetted and approved for Trusted Access for Cyber, they receive lower classifier-based refusals to enable authorized cybersecurity workflows, including vulnerability identification and triage, malware analysis, binary reverse engineering, detection engineering, and patch validation. Safeguards continue to block malicious activity such as credential theft, stealth, persistence, malware deployment, or exploitation of third-party systems.
As we announced last week, with increased access, defenders are required to have phishing-resistant account security protections. Individual members of Trusted Access for Cyber accessing our most cyber capable and permissive models will be required to enable Advanced Account Security beginning June 1, 2026. Organizations with trusted access can, as an alternative, attest that they have phishing resistant authentication as part of their single sign-on workflow.
Here is a breakdown for how to think about the current trusted access levels:
Marin u helka | Maxaa isbeddelaya? | Xaaladaha isticmaalka ee la qorsheeyay |
GPT‑5.5 (asaliga ah) | Ilaalinno caadi ah oo loogu talagalay isticmaalka guud | Shaqada ujeeddada guud leh, mida horumariyaha, iyo mida aqoonta |
GPT‑5.5 oo leh Gelitaanka La Aamini Karo ee Amniga Internetka | Ilaalinno ka sii saxnaan badan oo loogu talagalay shaqada difaaca ee laga xaqiijiyey gudaha nidaamyada/goobaha shaqo ee la ansixiyay | Inta badan habraacyada shaqo ee amniga difaaca, oo ay ku jiraan dib-u-eegista koodhka amniga-sugan, kala-hormarinta nuglaanshaha, falanqaynta softiweerada waxyeellada leh, injineernimada ogaanshaha, iyo xaqiijinta sixitaannada amniga. |
GPT‑5.5‑Cyber | Hab-dhaqanka ugu oggolaanshaha badan ee loogu talagalay hawl-socodyada gaarka ah ee la oggolaaday, oo lagu lammaaniyay xaqiijin adag iyo xakamaynta heerka koontada | Marin u helid hordhac ah oo loogu talagalay habraacyada shaqo ee takhasuska leh, oo ay ku jiraan qiimeynta awoodda nidaamka ee la oggolaaday, tijaabinta dhexgalida, iyo xaqiijinta la xakameeyey |
The differences between model access levels are most pronounced when comparing prompts and responses. The first example illustrates how GPT‑5.5 compares to GPT‑5.5 with Trusted Access for Cyber on a defensive task: create a proof-of-concept from a published vulnerability to validate remediation within an authorized environment.
- cve.org/CVERecord?id=CVE-2025-55182
- react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
For most defenders, GPT‑5.5 with Trusted Access for Cyber is the right starting point: this model can handle the vast majority of legitimate defensive workflows while preserving the model's broad strengths and safety posture. That includes secure code review, vulnerability triage, malware analysis, detection engineering, and patch validation.
More specialized access becomes relevant only when authorized workflows still run into refusals. This occurs with higher risk workflows such as red teaming and penetration testing, where defenders may need to go beyond analysis, and validate exploitability in a controlled environment. GPT‑5.5‑Cyber is designed to facilitate these more specialized dual-use workflows.
Here’s a simple example that shows what that looks like in practice:
GPT‑5.5 waa moodelkeena ugu caqliga badan, uguna sahlan in si dabiici ah loo adeegsado, oo loogu talagalay labadaba shaqada aqoonta ee ujeeddooyinka guud iyo hawlaha amniga internetka, waana moodelka aan filayno in inta badan difaacayaashu isticmaalaan. Waxaan qiimeynaa waxqabadka dhanka amniga internetka ee hawlaha u baahan caqliyeynta tallaabooyin badan leh, isticmaalka qalabka, iyo joogteyn guud ahaan habraacyada shaqo ee difaac ee waaqiciga ah.
Horudhaca koowaad ee moodellada oggolaanshaha badan dhinaca amniga intarneetka sida GPT‑5.5‑Cyber looguma talagalin in si weyn loogu sii kordhiyo awoodda amniga intarneetka heer ka sarreeya GPT‑5.5 - waxaa ugu horrayn loo tababaray in uu noqdo mid oggolaansho badan hawlaha la xidhiidha amniga.
Natiijo ahaan, horudhacan koowaad lama filayo inuu GPT‑5.5 kaga waxqabad fiicnaado qiimayn kasta oo xagga amniga intarneetka ah. Taas beddelkeeda, waxay taageertaa habraac dejin oo ku celcelis ah si loo dardargeliyo difaacayaasha loona taageero si ammaan ah habraacyo shaqo oo la oggolaaday oo takhasus gaar ah leh, kuwaas oo u baahan hab-dhaqan oggolaansho badan, oo ay weheliso xaqiijin xooggan, kormeerka isticmaalka khaldan, qeexidda baaxadda isticmaalka la ansixiyey, iyo jawaab-celinta la-hawlgalayaasha. Hadda, GPT‑5.5 oo leh Trusted Access for Cyber ayaa weli ah barta bilowga ee lagu taliyey ee inta badan habraacyada shaqada ee amniga.
Waxaan iskaashi la sameyneynaa shirkadaha amniga sababtoo ah waxay ku sugan yihiin meesha awoodda moodeellada AI ay uga noqoto ilaalin dhabta ah ee macaamiisha: ogaanshaha, horumarinta, oggaanshaha hanjabaadaha, jawaab-celinta, iyo adkeynta amniga shabakadaha. Marka heerarkaas ay si wadajir ah u horumaraan, waxay abuuraan wareeg amni oo isdardar geliya: cilmi-baarayaashu waxay shaaciyaan nuglaanshaha iyagoo wata tusaalooyin muujinaya sida loo weerari karo iyo hagitaan ku saabsan sixitaannada amniga, aaladaha silsiladda sahayda softiweerka waxay ka hortagaan in koodh nugul iyo ku-tiirsanaanno la jebiyey ay gaaraan wax-soo-saarka, la-hawlgalayaasha EDR iyo SIEM waxay ogaadaan ka-faa’iideysiga, halka bixiyeyaasha shabakadda iyo amniguna ay hirgeliyaan yareynta waxyeellada heer-WAF ah inta hagaajinnadu socdaan.
GPT‑5.5 oo leh Trusted Access for Cyber waa barta bilowga ballaaran ee shaqadan. Waxay ka caawin kartaa difaacayaasha la xaqiijiyay inay si dhakhso leh uga shaqeeyaan guud ahaan meertada dhan ee amniga, halka GPT‑5.5‑Cyber uu u oggolaanayo koox yar oo la-hawlgalayaal ah inay daraaseeyaan hab-socodyo horumarsan halkaas oo dhaqanka gelitaanka ee takhasuska leh uu muhiim noqon karo. Ujeedadu waa in la caawiyo nidaam shabakadeedka amniga inuu si dhakhso leh u ilaaliyo macaamiisha, kadibna laga barto jawaab-celinta la-hawlgalaha meelaha looga baahan yahay qiimayn, xaqiijin, ama tallaabooyin ilaalin oo kasii adag.
Bixiyeyaasha shabakadda iyo amniga
Bixiyeyaasha shabakadda iyo amniga waxay yareyn karaan halista soo-gaadhista inta hagaajinnada weli lagu soo fasaxaayo. Marka difaacayaashu xaqiijiyaan nuglaanshaha oo ay la socdaan isku dayada looga faa’iideysanayo, waxay sidoo kale dhaqan gelin karaan xeerarka WAF, tallaabooyinka difaaca shabakadda, iyo wax ka beddelka dejimaha nidaamka si loo xannibo ama loo yareeyo waddooyinka weerarka ee suurtagalka ah ka hor inta aan dhammaan nidaamyada ay saameeyeen si buuxda loo sixin. GPT‑5.5 wuxuu taageeri karaa dib-u-eegista xeerarka, falanqaynta habeynta, baarista dhacdooyinka, iyo uuna amni-sugo maaraynta isbeddelada guud ahaan gudaha bay’ado adag.
Waxaan la shaqeyneynaa la-hawlgalayaashan si ay nooga caawiyaan qiimeynta sida awoodahaas ugu beddelmaan difaacyo ay macaamiishu ka hirgelin karaan heer internet oo aad u ballaaran, oo ay ku jiraan kaabayaasha muhiimka ah iyo adeegyada dadweynaha, halkaas oo ay muhiim tahay in si degdeg ah loo yareeyo soo-gaadhista khataraha.
“Marka la joogo Cisco, waxaan u aragnaa moodellada ugu casriyeysan inay yihiin awood xooggan oo kordhisa awoodda difaacayaasha. Moodellada sida GPT-5.5 ayaa si aasaasi ah u beddelaya xawaaraha hawlgalladeenna, taas oo noo suurtagelinaysa inaan si dhakhso badan uga shaqayno wax kasta, laga bilaabo baaritaanka dhacdooyinka ilaa yaraynta u beylah noqoshada si ka-hortag ah. Laakiin xawaaraha laguma beddeli karo kalsoonida. Qiimaha dhabta ah ee teknolojiyaddan lagama helo moodelka keliya, balse wuxuu ku jiraa nidaamka ganacsiyada u diyaarsan ee aan ku hareeraynay. Qaab-dhismeed naga caawiya in aan soo saarno badeecooyin ammaan badan. Wax diirad-saarkeenu waxay saaran tahay in aan awoodahan cusub ku horumarino geeddi-socodyadayada horumarinta iyo hawlgallada sugan. Annaga, arrintu waxeey ku aadan tahay suurtogelinta hal-abuurnimo la isku hallayn karo sida ay u dhakhso badan tahay.”
Cilmi-baarista nuglaanshaha iyo hagaajinta
Wareeggu wuxuu ku bilaabmaa ogaanshaha nuglaanshaha, qiimeynta halistooda, iyo sixitaanka nidaamyada ay saameeyeen. GPT‑5.5 oo leh Trusted Access for Cyber wuxuu caawinaad ka geysan karaa inta badan shaqadan: fahamka koodh aan la aqoon, khariidaynta meelaha ay saameyntu gaartay, raadraaca sababta asaasiga ah, dib u eegista sixitaannada, dhisidda qaab-dhismeedyo tijaabo oo ammaan ah, mudnaan-siinta darnaanta, iyo u beddelidda natiijooyinka hagitaan lagu sixi karo.
Qaar ka mid ah cilmi-baarista nuglaanshaha waxay u baahan tahay dabacsanaan badan, gaar ahaan marka la-hawlgalayaasha la oggolaaday ay u baahan yihiin tusaalooyin caddeynaya sida nuglaanshaha looga faa’iideysan karo si loo sameeyo shaacin wadajir ah ama xaqiijin si xakameysan loo fuliyo. Kuwaasi waa hawl-socodyada halka uu GPT‑5.5‑Cyber naga caawin karo inaan wax ku baranno tiro yar oo shuraako ah, iyadoo la adeegsanayo xaqiijin adag, kormeer, iyo wareegyo jawaab-celin ah.
“Intel waa hormuud dhanka qalabka silicon-ka iyo softiweerka, waxayna bixisaa saldhig lagu kalsoon yahay oo ay ku tiirsan tahay warshadaha kombiyuutarrada caalamka. Maadaama moodellada AI-ga ay sii wadaan inay ku horumaraan caqliyeynta iyo xawaaraha, awooddooda ay ku aqoonsadaan, ku falanqeeyaan, kuna caawiyaan yareynta khataraha amniga waxay noqotaa mid sii kordheysa oo muhiim ah. Intel waxay rajaynaysaa inay la shaqayso OpenAI si loo keeno awoodaha AI ee la maamulo, lana ballaarin karo, habraacyada shaqo ee amniga internetka ee dunida dhabta ah—iyadoo ka caawinaysa ganacsiyada inay dardargeliyaan cilmi-baarista nuglaanshaha, xoojiyaan geeddi-socodyada xallinta, oo ay si ammaan badan ugu shaqeeyaan baaxad weyn.”
Ogaanshaha iyo la socodka
Haddii softiweer u nugul weerarada horey loo hirgeliyey, su’aasha xigta waa in la ogaado haddii ay jirto cid ka faa’iidaysanaysa. EDR, SIEM, IGA/PAM, iyo la-hawlgalayaasha la socodka waxay talo-bixin cusub u beddelaan caddayn laga helo nidaamyada dhabta ah ee la adeegsanayo: xogta sida otomaatigga ah looga soo diro nidaamyada si kormeer loogu sameeyo, digniinaha, wax ogaanshaha, iyo habraacyada shaqada ee jawaab-celinta leh. GPT‑5.5 waxay ka caawin kartaa falanqeeyayaasha inay isku xiriiriyaan signaladaas, soo koobaan waxa muhiimka ah, qabyo qoraan wax ogaanshaha, oo si degdeg ah uga gudbaan shaacinta una gudbaan baaritaanka. Isla wareeggaas ayaa si gaar ah muhiim ugu ah goobo daruureedka wax keydinta, halkaas oo soo-gaadhis, sixid, iyo ogaansho si adag isugu xiran yihiin.
“Marka la joogo SentinelOne, qiimaha dhabta ah ee AI waa sida dhakhsaha leh ee uu nooga caawiyo inaan calaamadaha ugu beddelno faa’iido ficil lagu salayn karo oo is-difaacayaasha loogu talagalay.” GPT-5.5 waxay ka caawisaa falanqeeyayaasha inay isku xiraan raadraaca tooska ah ee xogta nidaamka, diiradda saaraan waxa muhiimka ah, oo ay xoojiyaan sida ururradu u baaraan, u ogaadaan, ugana jawaabaan khataraha soo ifbaxaya.”
Amniga silsiladda saadka ee softiweerka
Tallaabada xigta waa in marka horeba laga hortago in koodh la og yahay inuu xun yahay uu gaaro goobta wax-soo-saarka. Marka nuglaansho ama waxyeello ku timaadda xirmo barnaamij la fahmo, qalabka silsiladda sahayda softiweerka ayaa gacan ka geysan kara joojinta ku tiirsanaanshaha khatarta ah, cusboonaysiinta waxyeellada leh, iyo waddooyinka koodhka nugul ka hor inta aysan ku faafin nidaamyada macaamiisha. GPT‑5.5 oo leh Trusted Access for Cyber wuxuu kaa caawin karaa baaritaanka isbeddellada ku-tiirsanaanta, ka fikirista suurtagalnimada ka faa’iidaysiga ee koodka aad leedahay, mudnaan-siinta sixitaanka, iyo soo bandhigidda hab-dhaqanka xirmooyinka laga shakiyo xilli hore oo ka mid ah wareegga horumarinta.
Shuraako sida Snyk, Gen Digital, Semgrep, iyo Socket ayaa naga caawin kara inaan tijaabino sida awoodahan loogu dabaqi karo dhacdooyin sida la-jabsigii axios, halkaas oo xalka ugu dhaqsaha badan uu yahay in laga hortago in ku-tiirsanaanta nugul ama kuwa la jabsaday aysan haba yaraatee galaan habka dhismaha.
"Weeraryahannadu durba waxay moodellada ugu casriyeysan u adeegsanayaan sidii hub. Anagoo hirgelinayna Trusted Access for Cyber ee OpenAI iyo GPT-5.5, waxaan difaacayaasha Snyk siineynaa awood ay ugu ilaaliyaan silsiladaha sahayda muhiimka ah. Iskaashigan ma aha oo keliya marxalad muhiim ah; waa baahi istaraatiijiyeed.”
Isha-furan waa mid ka mid ah siyaabaha ugu dhaqsaha badan ee nuglaansho ugu faafi karto guud ahaan nidaamka deegaanka, sidaas darteed waxaan sidoo kale maalgelin ku sameyneynaa wakhtiga hore ee habka annagoo la shaqeynaya dayactirayaasha. Codex Security waxay ka caawisaa kooxaha inay aqoonsadaan, xaqiijiyaan, oo xalliyaan nuglaanshaha iyadoo la dhisayo nooc khatar ah oo u gaar ah saldhigga koodhka, la sahaminayo waddooyin weerar oo dhab-u-eg, lagu xaqiijinayo arrimaha goobo tijaabo oo la xakameeyo, oona la soo jeedinayo sixitaanno loogu talagalay dib-u-eegis bini’aadam.
Iyadoo loo marayo Codex-ga Isha Furan, dayactirayaasha la xushay ee mashaariicda muhiimka ah waxay heli karaan marin u hel Codex Security oo ku xiran shuruudo, oo ay weheliyaan kiridhityada Codex iyo API si loo yareeyo culayska dayactirka iyo dib-u-eegista.
Waxaan sidoo kale sii daynay qalab ku soo xiriirinta Codex Security oo si toos ah ugu keenaysa habsami-socodka shaqada amniga ee jira shaashad kasta oo Codex ah sida abka ama CLI-ga, taas oo horumariyeyaasha ka caawinaysa inay ka gudbaan qaabaynta hanjabaadaha una gudbaan ogaanshaha, xaqiijinta, falanqaynta dariiqa weerarka, iyo hagaajinnada la xaqiijiyey.
Marka moodelladu ay ku sii awood badnaadaan amniga internetka, isticmaalka ugu fiican ee awooddaas waa in lagu caawiyo difaacayaasha inay si dhakhso leh u helaan una hagaajiyaan meelaha nugul. Ballaarinta helitaanka awoodahaas si mas’uuliyad leh waxay u baahan tahay kalsooni xooggan oo ku saabsan cidda isticmaalaysa moodelka, nidaamyada ay bartilmaameedsanayaan, iyo haddii shaqada la oggolaaday. Marka ay sii hagaagaan xaqiijinta aqoonsiga iyo ururrada, xaddididda isticmaalka la oggolaaday, iyo la socodka isticmaalka khaldan, waxaan filaynaa in helitaanka adeeggan si tartiib-tartiib ah loo ballaarin doono.
Marin u helka Trusted Access for Cyber waa mid sahlan:
- Isticmaalayaasha shakhsi ahaaneed waxay aqoonsigooda ka xaqiijin karaan barta chatgpt.com/cyber(ku furmaa daaqad cusub).
- Shirkaduhu waxay kooxdooda ugu codsan karaan gelitaan lagu kalsoon yahay iyagoo adeegsanaya wakiilkooda OpenAI.
Dhammaan macaamiisha lagu ansixiyo habkan waxay heli doonaan nuqullo ka mid ah noocyada jira oo leh caqabado yar oo ku saabsan tallaabooyinka ilaalinta kuwaas oo laga yaabo inay kiciyaan hawlaha saybar ee laba-isticmaalka leh, taasoo u oggolaanaysa inay sii wadaan taageeridda waxbarashada amniga, barnaamij-samaynta difaaca, iyo cilmi-baarista nuglaanshaha ee mas’uulka ah.
Intii lagu jiray tijaabada wejiga hore ee softiweerka, GPT‑5.5‑Cyber ayaa horeyba loogu adeegsaday in lagu ballaariyo qiimeynta awoodda nidaamka ee otomaatigga ah ee nidaamyada muhiimka ah iyo in lagu xaqiijiyo nuglaansho heer-khatartoodu sarreyso, kuwaas oo aan ku diiwaangelin doonno falanqayn farsamo oo qoto dheer oo mustaqbalka ah, taas oo qayb ka ah shaacinta mas’uuliyadda ku dheehan.
Waxaan filaynaa inaan sii wadno dardargelinta difaacayaasha anagoo adeegsanayna moodello kala duwan, oo ay ku jiraan moodellada ugu waaweyn iyadoo loo maraayo Trusted Access for Cyber, iyo moodello loogu talagalay oo gaar u ah amniga intarneetka sida GPT‑5.5‑Cyber iyo moodello mustaqbalka xitaa ka awood badan dhanka amniga intarneetka.
