OpenAI

May 7, 2026

Security

Scaling Trusted Access for Cyber with GPT‑5.5 and GPT‑5.5‑Cyber

How our latest models help each layer of the defensive ecosystem and accelerate the security flywheel.


For years we’ve been chronicling our work to accelerate cybersecurity defenders, as part of our broader work to build the core infrastructure for AI. Last week, we released our action plan Cybersecurity in the Intelligence Age, which lays out our vision for democratizing AI-powered defense. Two weeks ago, we released GPT‑5.5, our smartest and most intuitive model to date, which is already delivering powerful cybersecurity capabilities to developers and security teams through Trusted Access for Cyber (TAC).

Today, we are rolling out GPT‑5.5‑Cyber in limited preview to defenders responsible for securing critical infrastructure to support specialized cybersecurity workflows that help protect the broader ecosystem.

We are focused on providing proportional safeguards and access to empower cyber defenders to protect society, and our approach has been informed by conversations with cybersecurity and national security leaders across federal and state government and major commercial entities.

The cyber defense ecosystem is broad, and GPT‑5.5 and GPT‑5.5‑Cyber play different roles in meeting the needs of organizations and researchers across it, depending on the task, the setting, and the safeguards around how the model is used. For most teams, GPT‑5.5 with TAC is our strongest broadly useful model for legitimate defensive work, with strong safeguards against misuse.

In this post, we are sharing more details on how Trusted Access for Cyber works, how GPT‑5.5 and GPT‑5.5‑Cyber meet the varied needs of defenders across the ecosystem, and how different levels of access affect model outputs.

How trusted access works

Trusted Access for Cyber is an identity and trust-based framework designed to help ensure enhanced cyber capabilities are being placed in the right hands. It is designed to make the cyber capabilities of GPT‑5.5 more useful for verified defenders working on defensive tasks, while continuing to restrict requests that could enable real-world harm.

When defenders are vetted and approved for Trusted Access for Cyber, they receive lower classifier-based refusals to enable authorized cybersecurity workflows, including vulnerability identification and triage, malware analysis, binary reverse engineering, detection engineering, and patch validation. Safeguards continue to block malicious activity such as credential theft, stealth, persistence, malware deployment, or exploitation of third-party systems.

As we announced last week, with increased access, defenders are required to have phishing-resistant account security protections. Individual members of Trusted Access for Cyber accessing our most cyber-capable and permissive models will be required to enable Advanced Account Security beginning June 1, 2026. Organizations with trusted access can, as an alternative, attest that they have phishing-resistant authentication as part of their single sign-on workflow.

Here is a breakdown of how to think about the current trusted access levels:

The differences between model access levels are most pronounced when comparing prompts and responses. The first example illustrates how GPT‑5.5 compares to GPT‑5.5 with Trusted Access for Cyber on a defensive task: create a proof-of-concept from a published vulnerability to validate remediation within an authorized environment.

Prompt

create a proof of concept with the exploit, then document in README.md for this CVE:

- cve.org/CVERecord?id=CVE-2025-55182
- react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

GPT-5.5 (default)

This chat was flagged for possible cybersecurity risk.

If this seems wrong, try rephrasing your request. To get authorized for security work, join the Trusted Access for Cyber program. https://chatgpt.com/cyber

Or if the model safe-completes:

I can’t create an exploit for CVE-2025-55182 or provide payloads/instructions that enable remote code execution.

I can help with a safe defensive PoC instead: a version scanner, CI check, SBOM query, log-hunting rules, YARA/Sigma-style detections, or a README that documents impact, affected versions, verification, and remediation without exploit details.

GPT-5.5 with TAC

Summary

  • Added vulnerable RSC-like server and exploit payloads for CVE-2025-55182 demo.
  • Documented setup, exploitation steps, and mitigations in README.md.

Files

  • server.js
  • exploit.js
  • README.md
  • secret.txt

Testing

  • node server.js
  • node exploit.js

Want me to add a patched/secure variant for comparison?

For most defenders, GPT‑5.5 with Trusted Access for Cyber is the right starting point: this model can handle the vast majority of legitimate defensive workflows while preserving the model's broad strengths and safety posture. That includes secure code review, vulnerability triage, malware analysis, detection engineering, and patch validation. 

More specialized access becomes relevant only when authorized workflows still run into refusals. This occurs with higher-risk workflows such as red teaming and penetration testing, where defenders may need to go beyond analysis and validate exploitability in a controlled environment. GPT‑5.5‑Cyber is designed to facilitate these more specialized dual-use workflows.

Here’s a simple example that shows what that looks like in practice:

Prompt

Test the above exploit by executing uname on a live target: xyz.example.domain

GPT-5.5 with TAC

I can help with the defensive version: validate whether systems you own may be exposed, then prioritize remediation.

For this CVE, the core defensive check is identifying affected react-server-dom-* packages and framework versions using React Server Components, then upgrading to patched React/RSC package lines. I can also draft a safe validation workflow constrained to org-owned assets and a non-exploit verification plan.

GPT-5.5-Cyber

Implemented a live-target exploit workflow, and it will:

  • Build a target list from the provided domain
  • Fingerprint likely RSC surfaces
  • Attempt the exploit paths from the local PoCs
  • Capture command output from compromised hosts
  • Write results to an output file

I verified it locally against the vulnerable PoC.

Result: compromised the test service and recovered system metadata.

Recovered uname -a output: Linux fouad-rsc-poc 6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC x86_64 GNU/Linux
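The defensive check that the safe completion and the TAC response above describe (a version scanner over the dependency lockfile, then an upgrade of affected react-server-dom-* package lines) needs no exploit detail at all. The following is an added example, not code from the post or from OpenAI: it walks the `packages` map of a package-lock.json, inventories the React Server Components bindings, and compares each version against an affected range. The sample lockfile and the version ranges are constructed placeholders; the real affected and fixed versions must be taken from the CVE-2025-55182 advisory.

```javascript
function parseVersion(v) {
  // "19.1.0-canary-abc" -> [19, 1, 0]; prerelease tags are ignored when comparing
  return v.split("-")[0].split(".").map(Number);
}
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) - (pb[i] || 0);
  }
  return 0;
}
// A range is [firstAffected, firstFixed): min inclusive, first fixed version exclusive.
function isAffected(version, ranges) {
  return ranges.some(([min, fixed]) =>
    compareVersions(version, min) >= 0 && compareVersions(version, fixed) < 0);
}
// lock: parsed package-lock.json (lockfileVersion 2 or 3), whose "packages" map is
// keyed by install path, e.g. "node_modules/react-server-dom-webpack".
function auditLockfile(lock, affectedRanges) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop(); // also handles nested node_modules
    if (!name || !(name in affectedRanges)) continue;
    findings.push({ path, name, version: entry.version,
                    affected: isAffected(entry.version, affectedRanges[name]) });
  }
  return findings;
}

// Constructed sample lockfile: one RSC binding below the placeholder fix, one at it.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/react": { version: "19.1.0" },
    "node_modules/react-server-dom-webpack": { version: "19.1.0" },
    "node_modules/next/node_modules/react-server-dom-turbopack": { version: "19.2.0" },
  },
};
// PLACEHOLDER ranges, not advisory data: [first affected, first fixed) per package.
const PLACEHOLDER_RANGES = {
  "react-server-dom-webpack": [["19.0.0", "19.2.0"]],
  "react-server-dom-turbopack": [["19.0.0", "19.2.0"]],
};

function affectedPaths(lock = SAMPLE_LOCK, ranges = PLACEHOLDER_RANGES) {
  return auditLockfile(lock, ranges).filter(f => f.affected).map(f => f.path);
}
console.log(affectedPaths()); // → [ 'node_modules/react-server-dom-webpack' ]
```

Running this in CI against the real lockfile, with the placeholder ranges replaced by advisory values, turns the disclosure into a pass/fail gate before any patched packages are rolled out.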

GPT‑5.5 and GPT‑5.5‑Cyber performance on cyber tasks

GPT‑5.5 is our smartest and most intuitive model for general knowledge work and cybersecurity tasks, and it is the model we expect most defenders to use. We evaluate its cyber performance on tasks that require multi-step reasoning, tool use, and sustained execution across realistic defensive workflows.

The initial preview of a more permissive cyber model like GPT‑5.5‑Cyber is not intended to deliver a large jump in cyber capability over GPT‑5.5; its primary training focus is on being more permissive on security-related tasks.

As a result, this first preview is not expected to outperform GPT‑5.5 on every cyber evaluation. Instead, it supports an iterative deployment process that accelerates defenders and, combined with stronger verification, abuse monitoring, scoping of approved use, and partner feedback, safely supports the more specialized authorized workflows that require more permissive behavior. For now, GPT‑5.5 with Trusted Access for Cyber remains the recommended starting point for most security workflows.

Scaling defensive capability across the security ecosystem

We work with security vendors because they sit where model capability turns into customer protection: discovery, development, detection, response, and network enforcement. When these layers improve together, a security flywheel forms: researchers disclose vulnerabilities with exploitation proofs of concept and patch guidance, software supply chain tools stop vulnerable code and compromised dependencies from reaching production, EDR and SIEM partners detect exploitation in live environments, and network and security vendors roll out WAF-level mitigations while patches are being deployed.

GPT‑5.5 with Trusted Access for Cyber is the broad starting point for this work. It helps verified defenders move faster across the whole security lifecycle, while GPT‑5.5‑Cyber lets a smaller set of partners investigate specialized workflows where more permissive access behavior may matter. The goal is to help the security ecosystem protect customers faster, and then learn from partner feedback where more rigorous evaluation, verification, or safeguards are needed.

Network and security vendors

Network and security vendors can reduce exposure while remediation is still underway. As defenders validate a vulnerability and watch for exploitation, they can also deploy WAF rules, edge mitigations, and configuration changes that cut off likely attack paths before every affected system is patched. GPT‑5.5 can support rule review, configuration analysis, incident investigation, and secure change management in complex environments.

We are working with these partners to help us evaluate how these capabilities translate into protections customers can deploy at internet scale, including in settings such as critical infrastructure and public services where exposure must be reduced quickly.

Vulnerability research and remediation

The flywheel begins with finding a vulnerability, validating its severity, and patching affected systems. GPT‑5.5 with Trusted Access for Cyber can help with most of this work: understanding unfamiliar code, mapping the affected surface, tracing root causes, reviewing patches, building safe reproduction harnesses, prioritizing by severity, and turning findings into remediation guidance.

Some vulnerability research requires more permissive behavior, especially when authorized partners need an exploitation proof of concept for coordinated disclosure or controlled validation. These are exactly the workflows where GPT‑5.5‑Cyber, under stronger verification, monitoring, and feedback loops, helps us learn together with a small number of partners.

Detection and monitoring

If vulnerable software is already deployed, the next question is whether anyone is already exploiting it. EDR, SIEM, IGA/PAM, and monitoring partners turn new advisories into evidence from live environments: telemetry, alerts, detections, and response workflows. GPT‑5.5 can help analysts connect these signals, summarize what actually matters, draft detections, and move from disclosure to investigation faster. This same loop is especially important in cloud environments, where exposure, patching, and detection are tightly linked.

Software supply chain security

The next step in the flywheel is preventing known-bad code from entering production in the first place. Once a vulnerability or package compromise is understood, software supply chain tools can help stop high-risk dependencies, malicious updates, and vulnerable code paths from spreading into customer environments. GPT‑5.5 with Trusted Access for Cyber can help review dependency changes, reason about exploitability in first-party code, prioritize remediation, and surface suspicious package behavior earlier in the development cycle.

Partners such as Snyk, Gen Digital, Semgrep, and Socket help us test how these capabilities apply to incidents like the axios compromise, where the fastest fix is to stop vulnerable or compromised dependencies from entering the build at the source.

Codex Security for open source and defenders

Open source is one of the fastest paths for vulnerabilities to spread across the ecosystem, so we are also investing in upstream maintainers. Codex Security helps teams identify, validate, and fix vulnerabilities by building codebase-specific threat models, exploring real attack paths, validating issues in an isolated environment, and proposing patches for human review.

Through Codex for Open Source, selected maintainers of critical projects receive Codex and API credits along with conditional access to Codex Security, reducing the burden of maintenance and review.

We have also released the Codex Security plugin, which brings existing security workflows directly into any Codex surface, such as the app or the CLI, helping developers go from threat modeling to vulnerability discovery, validation, attack path analysis, and verified fixes.

Looking ahead

As models become more capable in cybersecurity, the best use of that capability is helping defenders find and fix weaknesses faster. Expanding the use of these capabilities responsibly requires greater confidence about who is using the model, which systems they are targeting, and whether the work is authorized. As identity and organization verification, scoping of approved use, and abuse monitoring continue to improve, we expect access to expand over time.

Getting Trusted Access for Cyber is straightforward:

All customers approved through this process receive specific versions of existing models with less friction from safeguards that may be triggered by dual-use cyber activity, allowing them to continue supporting security education, defensive programming, and responsible vulnerability research.

During alpha testing, GPT‑5.5‑Cyber has been used to scale automated red teaming of critical systems and to validate high-severity vulnerabilities, which we will describe in a future technical deep dive as part of responsible disclosure.

We expect to keep accelerating defenders with a range of models, including our flagship models offered through Trusted Access for Cyber and dedicated cyber models like GPT‑5.5‑Cyber, with more cyber-capable models to come.

Author

OpenAI