- OpenAI offered the European Commission access to GPT-5.5-Cyber, a version of its latest AI model tuned for cybersecurity work
- Anthropic has held four or five meetings with EU officials but has not offered comparable access to its Mythos hacking model
- 30 MEPs and four EU countries have pressed the Commission to gain access to Anthropic’s model before enforcement powers begin in August
OpenAI has offered the European Commission access to GPT-5.5-Cyber, a variation of its latest AI model designed to identify and exploit software vulnerabilities, according to Politico. The move, brokered by former U.K. Chancellor George Osborne, would give EU cybersecurity officials, governments, and the AI Office a preview of the model’s capabilities.
European Commission spokesperson Thomas Regnier welcomed what he called OpenAI’s transparency, saying it would allow the bloc to monitor the model’s deployment and address security concerns. The Commission confirmed further talks would follow this week.
The contrast with Anthropic is sharp. The company released Mythos a month ago, granting access to a dozen U.S. tech firms and 40 unnamed organizations. European regulators were excluded. Regnier said the EU has had four or five meetings with Anthropic but that discussions are not yet at the same stage as the solution put on the table by OpenAI, per Channel News Asia.
The Access Problem
The standoff exposes a structural weakness in the EU’s regulatory architecture. The AI Office, less than two years old, has roughly 140 staff and a safety unit of 36 people. It cannot audit what it cannot access. Regnier warned that once enforcement powers begin in August 2026, the Commission would ensure it receives model access if needed, according to Politico.
Thirty members of the European Parliament have called on Commission tech chief Henna Virkkunen to produce a European mitigation plan. Spain, along with three other EU countries, has formally requested more coordination. Germany’s Bundesbank publicly demanded access to Mythos, arguing that without it European banks cannot test their infrastructure against AI-powered cyber threats, TNW reported.
The EU delayed AI Act enforcement by 16 months after industry pressure. That delay now means the Commission’s binding authority to demand model access will not arrive until August, leaving a gap that companies can fill with voluntary arrangements or ignore entirely.
FAQ
What is GPT-5.5-Cyber?
It is a variation of OpenAI’s latest model tuned specifically for cybersecurity tasks, including identifying software vulnerabilities. The model has safeguards to prevent misuse but EU officials would get access to the most capable version.
Why does the EU want access to Anthropic’s Mythos?
Mythos can identify and exploit zero-day vulnerabilities in major operating systems and web browsers. Without access, European regulators and banks cannot test their own infrastructure against the threats such a model could pose.
When can the EU legally demand model access?
The AI Office’s enforcement powers begin in August 2026. Until then, access depends on voluntary cooperation from companies like OpenAI and Anthropic.
