A Familiar Playbook, Played Twice
Picture this: you’re a security researcher at a mid-sized financial institution. It’s 2026, and you’ve just heard that OpenAI is rolling out GPT-5.5 Cyber — a tool specifically built to help defenders like you detect and respond to AI-powered threats. You go to request access. There’s a form. There’s a vetting process. There’s a waitlist. You are, apparently, not yet “critical” enough. You close the tab and wonder where you’ve seen this movie before.
You have. About five minutes ago, when OpenAI was publicly criticizing Anthropic for doing the exact same thing with Mythos.
What Actually Happened
OpenAI CEO Sam Altman announced on X that GPT-5.5 Cyber would begin rolling out to “critical cyber defenders” within days. The framing was careful and deliberate — this is a tool for defense, not offense, and access would be gated accordingly. The stated goal was to strengthen cybersecurity defenses against a new generation of AI-assisted attacks.
That is a reasonable goal. Nobody serious is arguing that a powerful offensive-capable AI tool should be handed out without friction. The problem is not the policy itself. The problem is the posture OpenAI adopted before arriving at this exact same policy.
When Anthropic restricted access to Mythos — its own high-capability model — OpenAI’s public response carried a distinct tone of criticism. The implication was that Anthropic was being overly cautious, paternalistic, or perhaps strategically self-serving in limiting who could use its platform. Now OpenAI has drawn its own velvet rope around GPT-5.5 Cyber, and the justifications sound remarkably familiar: limiting access makes it harder for attackers to develop and deploy AI-powered threats.
That argument, by the way, is correct. It was also correct when Anthropic made it.
The Architecture of Selective Criticism
From a technical standpoint, what we are watching is not hypocrisy born of carelessness. It is something more structurally interesting: two frontier labs independently arriving at the same architectural conclusion about deployment risk, but at different times, and with different PR strategies surrounding each arrival.
Both Mythos and GPT-5.5 Cyber sit at a capability threshold where the dual-use problem becomes acute. A model trained to understand offensive cyber techniques well enough to defend against them is, almost by definition, a model that understands offensive cyber techniques. The knowledge is not separable. You cannot build a system that recognizes novel malware patterns without building a system that could, in the wrong hands, generate them.
This is not a new problem in security tooling — it predates AI by decades. Metasploit, Cobalt Strike, and dozens of other penetration testing frameworks have always walked this line. What changes with large language models is the accessibility gradient. A skilled attacker using a traditional exploit framework still needs significant domain expertise. A sufficiently capable AI assistant compresses that expertise requirement dramatically. That compression is precisely what makes these tools valuable to defenders — and dangerous in other hands.
Vetting as Infrastructure
The more interesting technical question is not whether to gate access, but how. “Critical cyber defenders” is a category, not a verification system. Who decides what qualifies? What does the vetting process actually check — institutional affiliation, use-case documentation, prior security clearances? How does that process scale as demand grows?
OpenAI has not published the specifics of its vetting architecture, and that gap matters. A gating system that is too coarse will exclude legitimate researchers at smaller organizations, academic institutions, or under-resourced public sector teams — exactly the defenders who may need capable tooling most. A system that is too permeable defeats its own purpose.
Anthropic faced the same design challenge with Mythos. Neither company has been particularly transparent about the mechanics of their access tiers, which makes external evaluation of these policies nearly impossible. We are asked to trust the outcome without being able to audit the process.
What This Tells Us About the Frontier Lab Moment
There is a pattern forming in how frontier AI labs handle capability releases in sensitive domains. The public narrative often runs ahead of the internal policy, and the internal policy eventually catches up to what the criticized competitor was already doing. This is not unique to OpenAI — it reflects the genuine difficulty of making deployment decisions in real time, under competitive pressure, with incomplete information about how a model will be used at scale.
What it does suggest is that the criticism phase of these cycles is often less about principled disagreement and more about positioning. When the technical realities assert themselves, the policies converge. The labs end up in roughly the same place. The difference is mostly in who said what on X along the way.
For those of us watching the architecture of AI deployment evolve, the more productive question is not who criticized whom first. It is whether the vetting systems being built around these tools are actually solid enough to do the job they claim to do — and whether we will ever get enough transparency to find out.
🕒 Published: