OpenAI restricts Cyber access after criticizing Anthropic for limiting Mythos

In a surprising turn of events, OpenAI has decided to restrict access to its cybersecurity tool Cyber, despite earlier criticism of rival Anthropic for doing the same with its Mythos tool. This move has sparked debate about consistency and transparency in the AI industry.

The controversy behind OpenAI restricts Cyber access

Just weeks after OpenAI CEO Sam Altman dismissed Anthropic’s decision to limit Mythos as “fear-based marketing,” the company announced it would roll out GPT-5.5 Cyber only to “critical cyber defenders.” Altman confirmed this on X (formerly Twitter) on Thursday, revealing a stark policy reversal.

Critics quickly pointed out the irony. When Anthropic restricted Mythos, Altman called the tactic unnecessary and overblown. Now, OpenAI is following the same playbook, raising questions about double standards in the industry.

How the Cyber tool works and who gets access

OpenAI’s Cyber tool is designed for advanced cybersecurity tasks, including penetration testing, vulnerability identification, and malware reverse engineering. The application process requires users to submit credentials and planned use cases to gain access.

According to OpenAI’s website, the tool aims to help companies find security holes and test defenses. However, the company fears misuse by malicious actors, which is why access is limited.

The Trusted Access for Cyber (TAC) program

OpenAI has introduced the TAC program to verify legitimate users. A spokesperson told TechCrunch that the system has scaled to thousands of verified defenders and hundreds of teams responsible for protecting critical software. These users can access GPT-5.5 for cybersecurity tasks with fewer safeguards.

The TAC program is tiered, meaning that “critical defenders with legitimate defensive use cases” can apply for access to dedicated models like GPT-5.4-Cyber and the forthcoming GPT-5.5-Cyber.

Industry reactions and the Anthropic comparison

When Anthropic restricted Mythos, Altman called the approach fear-based. Some critics agreed, saying Anthropic’s rhetoric was overblown. Ironically, an unauthorized group reportedly gained access to Mythos anyway, undermining the security rationale.

Now, OpenAI faces similar skepticism. Critics argue that restricting access doesn’t prevent misuse but instead limits innovation. Others point out that the move could be seen as a marketing tactic, just as Altman accused Anthropic of doing.

Building on this, OpenAI says it’s working with the U.S. government to expand access. The company plans to identify more users with legitimate cybersecurity credentials, potentially making Cyber more widely available in the future.

What this means for the cybersecurity landscape

OpenAI restricts Cyber access at a time when cybersecurity threats are escalating. The decision highlights the tension between making powerful tools available for defense and preventing their misuse by attackers.

As a result, the industry is watching closely. Will OpenAI’s TAC program succeed where Anthropic’s failed? Or will restricted access lead to similar breaches and criticism?

For now, the focus remains on balancing security with accessibility. Companies like IBM Security and CrowdStrike offer similar tools but with different access models, suggesting there’s no one-size-fits-all solution.

Ultimately, the debate over OpenAI restricts Cyber access reflects broader questions about AI governance. As tools become more powerful, the challenge is to ensure they’re used responsibly without stifling innovation.