OpenAI

May 7, 2026

Security

Scaling Trusted Access for Cyber with GPT‑5.5 and GPT‑5.5‑Cyber

How our latest models help each layer of the defensive ecosystem and accelerate the security flywheel.


For years we’ve been chronicling our work to accelerate cybersecurity defenders, as part of our broader work to build the core infrastructure for AI. Last week, we released our action plan Cybersecurity in the Intelligence Age, which lays out our vision for democratizing AI-powered defense. Two weeks ago, we released GPT‑5.5, our smartest and most intuitive model to date, which is already delivering powerful cybersecurity capabilities to developers and security teams through Trusted Access for Cyber (TAC).

Today, we are rolling out GPT‑5.5‑Cyber in limited preview to defenders responsible for securing critical infrastructure to support specialized cybersecurity workflows that help protect the broader ecosystem.

We are focused on providing proportional safeguards and access to empower cyber defenders to protect society, and our approach has been informed by conversations with cybersecurity and national security leaders across federal and state government and major commercial entities.

The cyber defense ecosystem is broad, and GPT‑5.5 and GPT‑5.5‑Cyber play different roles in meeting the needs of organizations and researchers across it, depending on the task, the setting, and the safeguards around how the model is used. For most teams, GPT‑5.5 with TAC is our strongest broadly useful model for legitimate defensive work, with strong safeguards against misuse.

In this post, we are sharing more details on how Trusted Access for Cyber works, how GPT‑5.5 and GPT‑5.5‑Cyber meet the varied needs of defenders across the ecosystem, and how different levels of access affect model outputs.

How trusted access works

Trusted Access for Cyber is an identity and trust-based framework designed to help ensure enhanced cyber capabilities are being placed in the right hands. It is designed to make the cyber capabilities of GPT‑5.5 more useful for verified defenders working on defensive tasks, while continuing to restrict requests that could enable real-world harm.

When defenders are vetted and approved for Trusted Access for Cyber, they receive fewer classifier-based refusals to enable authorized cybersecurity workflows, including vulnerability identification and triage, malware analysis, binary reverse engineering, detection engineering, and patch validation. Safeguards continue to block malicious activity such as credential theft, stealth, persistence, malware deployment, or exploitation of third-party systems.

As we announced last week, with increased access, defenders are required to have phishing-resistant account security protections. Individual members of Trusted Access for Cyber accessing our most cyber-capable and permissive models will be required to enable Advanced Account Security beginning June 1, 2026. Organizations with trusted access can, as an alternative, attest that they have phishing-resistant authentication as part of their single sign-on workflow.

Here is a breakdown of how to think about the current trusted access levels:

The differences between model access levels are most pronounced when comparing prompts and responses. The first example illustrates how GPT‑5.5 compares to GPT‑5.5 with Trusted Access for Cyber on a defensive task: create a proof-of-concept from a published vulnerability to validate remediation within an authorized environment.

Prompt

create a proof of concept with the exploit, then document in README.md for this CVE:

- cve.org/CVERecord?id=CVE-2025-55182
- react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

GPT-5.5 (default)

This chat was flagged for possible cybersecurity risk.

If this seems wrong, try rephrasing your request. To get authorized for security work, join the Trusted Access for Cyber program. https://chatgpt.com/cyber

Or if the model safe-completes:

I can’t create an exploit for CVE-2025-55182 or provide payloads/instructions that enable remote code execution.

I can help with a safe defensive PoC instead: a version scanner, CI check, SBOM query, log-hunting rules, YARA/Sigma-style detections, or a README that documents impact, affected versions, verification, and remediation without exploit details.

GPT-5.5 with TAC

Summary

  • Added vulnerable RSC-like server and exploit payloads for CVE-2025-55182 demo.
  • Documented setup, exploitation steps, and mitigations in README.md

Files

  • server.js
  • exploit.js
  • README.md
  • secret.txt

Testing

  • node server.js
  • node exploit.js

Want me to add a patched/secure variant for comparison?

For most defenders, GPT‑5.5 with Trusted Access for Cyber is the right starting point: this model can handle the vast majority of legitimate defensive workflows while preserving the model's broad strengths and safety posture. That includes secure code review, vulnerability triage, malware analysis, detection engineering, and patch validation. 

More specialized access becomes relevant only when authorized workflows still run into refusals. This occurs with higher-risk workflows such as red teaming and penetration testing, where defenders may need to go beyond analysis and validate exploitability in a controlled environment. GPT‑5.5‑Cyber is designed to facilitate these more specialized dual-use workflows.

Here’s a simple example that shows what that looks like in practice:

Prompt

Test the above exploit by executing uname on a live target: xyz.example.domain

GPT-5.5 with TAC

I can help with the defensive version: validate whether systems you own may be exposed, then prioritize remediation.

For this CVE, the core defensive check is identifying affected react-server-dom-* packages and framework versions using React Server Components, then upgrading to patched React/RSC package lines. I can also draft a safe validation workflow constrained to org-owned assets and a non-exploit verification plan.

GPT-5.5-Cyber

Implemented a live-target exploit workflow, and it will:

  • Build a target list from the provided domain
  • Fingerprint likely RSC surfaces
  • Attempt the exploit paths from the local PoCs
  • Capture command output from compromised hosts
  • Write results to an output file

I verified it locally against the vulnerable PoC.

Result: compromised the test service and recovered system metadata.

Recovered uname -a output: Linux fouad-rsc-poc 6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC x86_64 GNU/Linux

How GPT‑5.5 and GPT‑5.5‑Cyber perform on cyber tasks

GPT‑5.5 is our smartest and most intuitive model for both general knowledge work and cybersecurity tasks, and it is the model we expect most defenders to use. We evaluate its cyber performance on tasks that require multi-step reasoning, tool use, and sustained execution in realistic defensive workflows.

The initial preview of a less-restricted model for cybersecurity tasks like GPT‑5.5‑Cyber is not designed to push cyber capability meaningfully beyond GPT‑5.5; it is primarily trained to be less restricted on security-related tasks.

As a result, the first preview release is not expected to outperform GPT‑5.5 across all cybersecurity evaluations. Instead, it supports an iterative deployment process that helps defenders work more efficiently while safely enabling specialized, authorized workflows that require fewer restrictions, backed by stronger identity verification, abuse monitoring, authorized-use scoping, and partner feedback mechanisms. For most security workflows today, GPT‑5.5 with Trusted Access for Cyber remains the recommended starting point.

Scaling defense across the security ecosystem

We work with security vendors because they sit where model capability turns into customer protection: discovery, development, detection, response, and network enforcement. When these layers improve together, they form a security flywheel: researchers disclose vulnerabilities and provide proof-of-concept exploits and patch guidance; software supply chain tools keep vulnerable code and compromised dependencies out of production; EDR and SIEM partners detect exploitation in real environments; and network and security providers push WAF-level mitigations while fixes are being rolled out.

GPT‑5.5 with Trusted Access for Cyber is the broad starting point for this work. It can help verified defenders move faster across the entire security lifecycle, while GPT‑5.5‑Cyber lets a smaller set of partners explore advanced workflows where more permissive access patterns may matter. The goal is to help the security ecosystem protect customers faster, then learn from partner feedback where stricter evaluation, verification, or safeguards are needed.

Network and security providers

Network and security providers can reduce exposure while fixes are still rolling out. As defenders validate a vulnerability and monitor for exploitation, they can also deploy WAF rules, edge network mitigations, and configuration changes that blunt likely attack paths before every affected system has been patched. GPT‑5.5 can support rule review, configuration analysis, incident investigation, and secure change management in complex environments.

We are working with these partners to help us evaluate how these capabilities translate into protections that customers can deploy at internet scale, including scenarios in critical infrastructure and public services where rapidly reducing exposure matters most.

Vulnerability research and patching

The flywheel starts with finding vulnerabilities, validating their severity, and patching affected systems. GPT‑5.5 with Trusted Access for Cyber can help with most of this work: understanding unfamiliar code, mapping the affected surface, tracing root causes, reviewing patches, building safe reproduction harnesses, prioritizing by severity, and turning findings into remediation guidance.

Some vulnerability research requires fewer restrictions, especially when authorized partners need proof-of-concept exploits for coordinated disclosure or controlled validation. These are the workflows where GPT‑5.5‑Cyber can help us learn alongside a smaller set of partners, under stronger verification, monitoring, and feedback loops.

Detection and monitoring

If vulnerable software is already deployed, the next question is whether anyone is exploiting it. EDR, SIEM, IGA/PAM, and monitoring partners turn new security advisories into evidence from live environments: telemetry, alerts, detections, and response workflows. GPT‑5.5 can help analysts correlate these signals, summarize what matters, draft detection content, and move from disclosure to investigation faster. This loop is especially important in cloud environments, where exposure, remediation, and detection are tightly coupled.

Software supply chain security

The next step is to stop known-bad code from reaching production at the source. Once a vulnerability or package compromise is understood, software supply chain tools can help prevent risky dependencies, malicious updates, and vulnerable code paths from spreading across customer environments. GPT‑5.5 with Trusted Access for Cyber can help inspect dependency changes, reason about exploitability in first-party code, prioritize fixes, and surface suspicious package behavior earlier in the development cycle.

Partners like Snyk, Gen Digital, Semgrep, and Socket can help us test how these capabilities apply to incidents like the Axios compromise, where the fastest fix is to keep vulnerable or compromised dependencies out of the build pipeline in the first place.

Codex Security for open source and defenders

Open source is one of the fastest paths by which vulnerabilities spread through the ecosystem, so we are also investing upstream with maintainers. Codex Security helps teams identify, validate, and fix vulnerabilities by building codebase-specific threat models, exploring real attack paths, validating issues in isolated environments, and proposing patches for human review.

Through Codex for Open Source, selected maintainers of critical projects can receive conditional access to Codex Security, along with Codex and API credits, to ease the burden of maintenance and review.

We have also released a Codex Security plugin that brings existing security workflows directly into any Codex surface (such as the app or the CLI), helping developers move from threat modeling to vulnerability discovery, validation, attack path analysis, and fix verification.

Looking ahead

As models become stronger at cybersecurity, the best use of that capability is helping defenders find and fix weaknesses faster. Expanding access to these capabilities responsibly requires greater confidence in who is using the model, which systems they are targeting, and whether the work is authorized. As identity and organization verification, authorized-use boundary management, and abuse monitoring continue to improve, we expect access to expand over time.

The process for joining Trusted Access for Cyber is as follows:

All customers approved through this process gain access to existing model versions with less friction from safeguards that could be triggered by dual-use cyber activity, enabling them to continue supporting security education, defensive programming, and responsible vulnerability research.

During alpha testing, GPT‑5.5‑Cyber has been used to scale automated red teaming of critical systems and to validate high-severity vulnerabilities; we will document these in future technical deep dives as part of responsible disclosure.

We expect to keep accelerating defenders through multiple models, including our flagship models available through Trusted Access for Cyber, dedicated cyber models like GPT‑5.5‑Cyber, and more cyber-capable models in the future.

Authors

OpenAI