Two Cyber-AIs, Two Fates: OpenAI Ships GPT-5.5-Cyber While Anthropic's Mythos Stays Dark

OpenAI ships its sharpest cyber model yet

On June 22, 2026, OpenAI moved its most capable offensive-security model out of limited preview and into a full release, bundling it with two new programs under its "Daybreak" cybersecurity initiative. The model, GPT-5.5-Cyber, is a variant tuned specifically for vulnerability discovery, exploit generation, and red-teaming — work that the company's general-purpose models are deliberately built to refuse.

According to SiliconANGLE, the release came packaged with three things: the full GPT-5.5-Cyber model itself, an open-source patching effort called "Patch the Planet," and a "Daybreak Cyber Partner Program" that lets security vendors fold the model into their own products. Access to the most permissive variant stays gated behind OpenAI's "Trusted Access for Cyber" vetting framework — you don't simply log in and ask it to write an exploit.

What makes this worth a longer look isn't only the model. It's the timing. Ten days earlier, a near-identical capability from a competitor was forced offline. The contrast between those two outcomes is the most revealing AI-governance story of the week.

What's actually new

The headline change is capability paired with distribution. Per heise online and SiliconANGLE, GPT-5.5-Cyber now lifts some of the safety friction that normally trips on dual-use cyber requests, but only for accounts that clear identity and trust checks. The model is described as able to find a vulnerability, examine its context, and "initiate a patch cycle" — develop a fix, test it in a sandboxed environment, and prepare it for human review.

That last clause matters. "Patch the Planet," run with partners including Trail of Bits and HackerOne, funds researchers to work directly with maintainers of widely used open-source projects. SiliconANGLE reports more than 30 projects have signed on, naming cURL, Go, Python, Sigstore, and pyca/cryptography. Crucially, OpenAI says a human security engineer reviews every finding before it reaches a maintainer — an acknowledgment that flooding volunteer open-source teams with machine-generated bug reports could do more harm than good.

The partner program reads like a who's-who of enterprise security. SiliconANGLE lists Accenture, Cisco, CrowdStrike, IBM, Okta, Palo Alto Networks, and Wiz; heise and Decrypt cite a roughly 28-to-30-company roster that also includes names like Cloudflare and Sophos. The exact list varies by outlet, which is itself a useful reminder that early reporting on a launch this fresh is still settling.

The number everyone is quoting

The figure driving headlines is a CyberGym score of 85.6%, up from 81.8% for the standard GPT-5.5. Both heise and SiliconANGLE report those two numbers identically, so that internal jump — a cyber-tuned model beating its general-purpose sibling — looks solid.

CyberGym is described across sources as a benchmark where an AI agent must locate a known vulnerability in a large codebase; heise notes it tests discovery, not patching. So even taken at face value, an 85.6% says the model is good at finding bugs, not necessarily at safely fixing them — a distinction the patch-cycle marketing tends to blur.

The comparison to Anthropic's now-sidelined Mythos model is shakier, and worth flagging clearly. Decrypt puts Mythos 5 at 83.8% on CyberGym; heise reports 83.1%; earlier trade coverage floated other figures still. A sub-two-point gap that different outlets can't even agree on is not a meaningful ranking. Decrypt itself notes that "a less-than-two-point gap on any benchmark would normally be unremarkable." Treat "OpenAI's model is the best at cyber" as a marketing claim, not an established fact.

The real story: two models, two fates

Here is what actually separates this launch from a routine model update. Both OpenAI and Anthropic built frontier models with serious offensive-cyber ability. Both tried to restrict access to vetted defenders. They ended up in opposite places.

Per Decrypt, Anthropic's Mythos models were pulled offline on June 12 after the Trump administration issued an emergency export-control directive citing national-security concerns. OpenAI's GPT-5.5-Cyber, by contrast, shipped — and Decrypt reports the reason directly: OpenAI "ran pre-deployment tests with federal agencies — including the Center for AI Standards and Innovation and the Office of the National Cyber Director — before launch." In other words, OpenAI appears to have cleared its approach with the government before opening the door, rather than after.

That is a governance lesson dressed up as a product release. The capability gap between the two models is, by every benchmark cited, negligible. The outcome gap is enormous: one company is signing up CrowdStrike and Cisco as partners while the other's model sits dark. The deciding variable wasn't model quality — it was process, sequencing, and who you talked to first.

Hype versus real

A few cautions before anyone declares the defenders have won. First, the dual-use problem doesn't disappear because access is gated. A model that can reliably find and weaponize vulnerabilities is dangerous in exactly the proportion that it is useful; the safety story rests entirely on the vetting framework holding up, and "Trusted Access" is only as strong as its weakest verified account. None of the sources here independently audited that gate.

Second, the benchmark proves less than the announcement implies. Finding a known bug in a controlled environment is not the same as defending a live, messy network — or as safely shipping patches at scale. The human-review requirement on Patch the Planet is a tacit admission that the automation isn't trusted to run unattended.

Third, the competitive framing — "beats the banned model" — is doing rhetorical work. With Mythos offline and the score gap within noise, OpenAI gets to claim the crown of a contest its main rival was removed from. Decrypt also notes the reporting is, for now, one-sided: it found no direct government or expert commentary criticizing OpenAI's release. Absence of public objection is not the same as a clean bill of health.

The takeaway

The substantive news is real: OpenAI has shipped a genuinely capable offensive-security model to a vetted set of defenders, alongside a credible open-source patching program with named, serious partners. The 85.6% CyberGym figure and the 81.8% baseline are consistent across reputable reporting; the Mythos comparison is not, and should be read skeptically.

But the durable lesson isn't about benchmarks. Two labs built nearly the same dangerous capability, and the one that engaged regulators before launch is in business while the one that didn't is offline. In frontier AI's most sensitive corner, governance process — not model quality — is becoming the thing that decides whether you ship. That's a shift worth watching, because it rewards the labs best at navigating Washington as much as the ones best at building models.