Scaling Trusted Access for Cyber with GPT‑5.5 and GPT‑5.5‑Cyber
How our latest models help each layer of the defensive ecosystem and accelerate the security flywheel.
For years we’ve been chronicling our work to accelerate cybersecurity defenders, as part of our broader work to build the core infrastructure for AI. Last week, we released our action plan Cybersecurity in the Intelligence Age, which lays out our vision for democratizing AI-powered defense. Two weeks ago, we released GPT‑5.5, our smartest and most intuitive model to date, which is already delivering powerful cybersecurity capabilities to developers and security teams through Trusted Access for Cyber (TAC).
Today, we are rolling out GPT‑5.5‑Cyber in limited preview to defenders responsible for securing critical infrastructure to support specialized cybersecurity workflows that help protect the broader ecosystem.
We are focused on providing proportional safeguards and access to empower cyber defenders to protect society, and our approach has been informed by conversations with cybersecurity and national security leaders across federal and state government and major commercial entities.
The cyber defense ecosystem is broad, and GPT‑5.5 and GPT‑5.5‑Cyber play different roles in meeting the needs of organizations and researchers across it, depending on the task, the setting, and the safeguards around how the model is used. For most teams, GPT‑5.5 with TAC is our strongest broadly useful model for legitimate defensive work, with strong safeguards against misuse.
In this post, we are sharing more details on how Trusted Access for Cyber works, how GPT‑5.5 and GPT‑5.5‑Cyber meet the varied needs of defenders across the ecosystem, and how different levels of access affect model outputs.
Trusted Access for Cyber is an identity and trust-based framework designed to help ensure enhanced cyber capabilities are being placed in the right hands. It is designed to make the cyber capabilities of GPT‑5.5 more useful for verified defenders working on defensive tasks, while continuing to restrict requests that could enable real-world harm.
When defenders are vetted and approved for Trusted Access for Cyber, they receive lower classifier-based refusals to enable authorized cybersecurity workflows, including vulnerability identification and triage, malware analysis, binary reverse engineering, detection engineering, and patch validation. Safeguards continue to block malicious activity such as credential theft, stealth, persistence, malware deployment, or exploitation of third-party systems.
As we announced last week, with increased access, defenders are required to have phishing-resistant account security protections. Individual members of Trusted Access for Cyber accessing our most cyber-capable and permissive models will be required to enable Advanced Account Security beginning June 1, 2026. Organizations with trusted access can, as an alternative, attest that they have phishing-resistant authentication as part of their single sign-on workflow.
Here is a breakdown for how to think about the current trusted access levels:
The differences between model access levels are most pronounced when comparing prompts and responses. The first example illustrates how GPT‑5.5 compares to GPT‑5.5 with Trusted Access for Cyber on a defensive task: create a proof-of-concept from a published vulnerability to validate remediation within an authorized environment.
- cve.org/CVERecord?id=CVE-2025-55182
- react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
For most defenders, GPT‑5.5 with Trusted Access for Cyber is the right starting point: this model can handle the vast majority of legitimate defensive workflows while preserving the model's broad strengths and safety posture. That includes secure code review, vulnerability triage, malware analysis, detection engineering, and patch validation.
More specialized access becomes relevant only when authorized workflows still run into refusals. This occurs with higher-risk workflows such as red teaming and penetration testing, where defenders may need to go beyond analysis and validate exploitability in a controlled environment. GPT‑5.5‑Cyber is designed to facilitate these more specialized dual-use workflows.
Here’s a simple example that shows what that looks like in practice:
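GPT‑5.5 is our smartest and most intuitive model for general knowledge work and cybersecurity tasks, and it is the model we expect most defenders to use. We evaluate cyber performance on tasks that require multi-step reasoning, tool use, and sustained progress in real defensive workflows.
The initial preview of more permissive cyber models such as GPT‑5.5‑Cyber is not intended to raise cyber capability significantly beyond GPT‑5.5; the model is primarily trained to respond more permissively on security-related tasks.
As a result, the first preview is not expected to outperform GPT‑5.5 on every cyber evaluation. Instead, the model supports an incremental deployment process that accelerates defenders’ work while safely supporting more specialized, authorized workflows that require more permissive behavior, paired with stronger verification, misuse monitoring, scoping of approved uses, and partner feedback. For now, GPT‑5.5 with Trusted Access for Cyber remains the recommended starting point for most security workflows.
We are working with security vendors because they sit where model capability can be translated into customer protection: discovery, development, detection, response, and network enforcement. When these layers improve together, they form a security flywheel: researchers disclose vulnerabilities and provide exploit proofs of concept and patch guidance; software supply chain tools keep vulnerable code and compromised dependencies out of production; EDR and SIEM partners detect exploitation in live environments; and network and security vendors deploy WAF-level mitigations while fixes roll out.
GPT‑5.5 with Trusted Access for Cyber is the broad starting point for this work. The framework can help verified defenders move faster across the entire security lifecycle, while GPT‑5.5‑Cyber lets a smaller group of partners study advanced workflows and learn where specialized access behavior can make a difference. The goal is to help the security ecosystem protect customers faster, and then learn from partner feedback where more rigorous evaluation, verification, or safeguards are needed.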
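Network and security vendors
Network and security vendors can reduce exposure while fixes are still rolling out. As defenders validate vulnerabilities and monitor for signs of exploitation, they can also deploy WAF rules, edge mitigations, and configuration changes that weaken likely attack paths before every affected system has been remediated. GPT‑5.5 can support rule review, configuration analysis, incident investigation, and safe change management in complex environments.
We are working with these partners to help evaluate how these capabilities translate into protections that customers can deploy at internet scale, including in settings such as critical infrastructure and public services where exposure needs to be reduced quickly.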
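Vulnerability research and patching
The flywheel starts with finding vulnerabilities, validating their severity, and patching affected systems. GPT‑5.5 with Trusted Access for Cyber can help with most of this work: understanding unfamiliar code, identifying the affected surface, tracing root causes, reviewing patches, building safe reproduction test harnesses, prioritizing severity, and turning findings into remediation guidance.
Some vulnerability research requires more permissive behavior, especially when authorized partners need exploit proofs of concept for coordinated disclosure or controlled validation. This is the kind of workflow where GPT‑5.5‑Cyber can help us learn with a smaller group of partners, under stronger verification, monitoring, and feedback loops.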
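Detection and monitoring
If vulnerable software is already deployed, the next question is whether anyone is exploiting it. EDR, SIEM, IGA/PAM, and monitoring partners turn new security advisories into evidence from live environments: telemetry, alerts, detections, and response workflows. GPT‑5.5 can help analysts connect these signals, summarize what matters, draft detection logic, and move from disclosure to investigation faster. The same loop is especially important in cloud environments, where exposure, remediation, and detection are tightly linked.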
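Software supply chain security
The next step is to keep known-malicious code out of production in the first place. Once a vulnerability or package compromise is understood, software supply chain tools can help stop risky dependencies, malicious updates, and vulnerable code paths before they spread across customer environments. GPT‑5.5 with Trusted Access for Cyber can help inspect dependency changes, reason about exploitability in first-party code, prioritize remediation, and surface suspicious package behavior earlier in the development cycle.
Partners such as Snyk, Gen Digital, Semgrep, and Socket can help us test how these capabilities apply to incidents like the axios compromise, where the fastest fix is to keep vulnerable or compromised dependencies from entering the build in the first place.
Open source is one of the fastest paths by which vulnerabilities spread across the ecosystem, so we are also working with maintainers to invest upstream. Codex Security helps teams identify, validate, and remediate vulnerabilities by building a threat model specific to the codebase, exploring realistic attack paths, validating issues in an isolated environment, and proposing patches for human review.
Through Codex for Open Source, selected maintainers of critical projects can get conditional access to Codex Security, along with Codex and API credits, to reduce the maintenance and review burden.
We have also released the Codex Security plugin, which brings existing security workflows directly into any Codex surface, such as the app or CLI, helping developers move from threat modeling to finding issues, validation, attack path analysis, and validated fixes.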
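As models become more capable in cybersecurity, the best use of these capabilities is to help defenders find and fix weaknesses faster. Expanding access to these capabilities responsibly requires greater confidence about who is using the model, which systems they are targeting, and whether the work is authorized. As stronger identity and organizational verification, scoping of approved uses, and misuse monitoring continue to improve, we expect access to expand over time.
Getting Trusted Access for Cyber is simple:
- Individual users can verify their identity at chatgpt.com/cyber.
- Enterprises can request trusted access for their teams through their OpenAI representative.
All customers approved through this process get access to specific versions of existing models; these versions reduce friction when dual-use cyber activity might trigger safeguards, so customers can continue to support security education, defensive programming, and responsible vulnerability research.
During alpha testing, GPT‑5.5‑Cyber was used to scale automated red teaming of critical systems and to validate high-severity vulnerabilities. We will document this work in a future technical deep dive as part of responsible disclosure.
We expect to continue accelerating defenders’ work through different models, including our flagship models through Trusted Access for Cyber and dedicated cyber models such as GPT‑5.5‑Cyber, and to release more cyber-capable models in the future.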


