GPT-5.5-Cyber vs Anthropic Glasswing — what's the difference?

Both are restricted-access cybersecurity AI programs from frontier labs, designed to be 'too important to shut down' for political-economic reasons. GPT-5.5-Cyber (launched in full June 23, 2026) scores 85.6% on the CyberGym benchmark vs 81.8% for standard GPT-5.5. Access is gated through OpenAI's Trusted Access for Cyber program for defenders only. Anthropic's Project Glasswing launched earlier in 2026 with 50+ partners and famously survived the Fable 5 US government suspension, earning protected status. GPT-5.5-Cyber + the new Codex Security IDE plugin + Patch the Planet open-source initiative is OpenAI's complete strategic answer to Glasswing — the parallels are exact.

What does GPT-5.5-Cyber actually do that standard GPT-5.5 doesn't?

Three things. First, it scores 85.6% on CyberGym (1,507 real-world vulnerability reproduction tasks across 188 OSS-Fuzz projects) vs 81.8% for standard GPT-5.5 — a meaningful jump driven by training on authorized offensive and defensive security data. Second, it has reduced automated safety refusals for approved defensive tasks: secure code review, vulnerability triage, malware analysis, red teaming, penetration testing. Third, it sustains deep multi-step analysis across large codebases — Trail of Bits used /goal runs to build an entire fuzzing lab covering dozens of entry points in less than a day, vs several weeks manually. On the Linux kernel, it generated 8 kernel pointer information leak proof-of-concepts and 24 local privilege escalation exploits in a single sweep.

Is Patch the Planet just marketing or is it real?

Real, with measurable output. The initial five-day sprint across more than 30 open-source projects — including cURL, Go, Python, Sigstore, and pyca/cryptography — surfaced hundreds of issues, merged dozens of patches, and produced reusable testing workflows (fuzzing, variant analysis, differential testing) that other projects can adopt. Trail of Bits and HackerOne are operational partners. Strategically it's identical to Glasswing: fix real vulnerabilities in real critical infrastructure, build trust with government, earn protected status. The marketing benefit and the security benefit are not separable — that's the design.

Can I get access to GPT-5.5-Cyber?

Not unless you're an approved defender. OpenAI's Trusted Access for Cyber program reviews applicants and gates the full model behind verified-defender status — typically meaning a security team at a recognized enterprise, a member of a national CERT, an academic security researcher, or a partner in Patch the Planet. The Codex Security plugin (vulnerability scanning in the IDE) is being rolled out more broadly to Codex users, but the underlying full GPT-5.5-Cyber model stays restricted. For most developers, the practical access path is via the plugin output, not the raw model.

Quick Answer

GPT-5.5-Cyber Full Release vs Anthropic Glasswing (Jun 23, 2026)

Published: June 23, 2026

GPT-5.5-Cyber Full Release vs Anthropic Glasswing: The Cyber Race Has Two Runners

OpenAI launched three connected cybersecurity products today (June 23, 2026) — the full version of GPT-5.5-Cyber, the Codex Security IDE plugin, and the Patch the Planet open-source initiative with Trail of Bits and HackerOne. It is the most exact strategic mirror of Anthropic’s Project Glasswing the industry has seen. The cyber race is now two runners, not one. Here’s what shipped, how it compares, and what it means.

Last verified: June 23, 2026.

TL;DR

Dimension	GPT-5.5-Cyber (OpenAI)	Project Glasswing (Anthropic)
CyberGym score	85.6% (full) vs 81.8% (standard 5.5)	Mythos / Glasswing harness scores in same band
Launched (full)	June 23, 2026	Earlier 2026, expanded through ENISA partnership
Access gate	Trusted Access for Cyber (defenders only)	Glasswing partners (50+)
IDE integration	Codex Security plugin (new today)	Claude Code defensive workflows
Open-source program	Patch the Planet (Trail of Bits + HackerOne)	Glasswing partners + EU access (ENISA)
Strategic role	”Too important to shut down” via OSS fixes	Same — proven during Fable 5 suspension

The two programs are now structurally identical. The competition is on execution and partner depth.

What launched today

GPT-5.5-Cyber (full version)

The full GPT-5.5-Cyber sets state-of-the-art on CyberGym at 85.6% — the public 81.8% snapshot for standard GPT-5.5 was already the leader. The full model is more permissive and more capable for authorized defensive work: deep analysis across large codebases, reachability tracing, controlled validation of issues, patch development, and evidence preparation for human review.

Access stays restricted to defenders through OpenAI’s Trusted Access for Cyber program. The model still refuses credential theft, stealth, persistence, and malware deployment.

Codex Security plugin

The strategic move. Codex Security embeds vulnerability scanning directly into the IDE — the same place developers write code. If you use Codex to write and to scan, OpenAI owns both sides of the developer security workflow. This is the durable bet, not the model itself.

Patch the Planet

OpenAI’s open-source security initiative, run with Trail of Bits and HackerOne. More than 30 OSS projects have committed — initial participants include cURL, Go, Python, Sigstore, and pyca/cryptography. An initial five-day sprint surfaced hundreds of issues, merged dozens of patches, and produced reusable testing workflows.

How it compares to Glasswing

Same playbook, different vendor. Anthropic established the playbook with Glasswing earlier in 2026: ship a cyber-tuned model, restrict access to defenders, partner with critical OSS and infrastructure, fix real vulnerabilities, build government trust, become politically protected. Glasswing famously survived the Fable 5 US government suspension precisely because of this strategy.

OpenAI is now running the same playbook step-for-step. The Trail of Bits + HackerOne partnership is the analog to Anthropic’s 50+ Glasswing partners. The Codex Security plugin is the analog to Claude Code defensive workflows. The 85.6% CyberGym headline is the analog to Mythos-on-Glasswing scores.

Where they diverge. Glasswing has the EU partnership via the ENISA cooperation announced earlier in June 2026 — a regulatory wedge into Europe. OpenAI’s Daybreak platform doesn’t yet have an equivalent EU government-trust anchor. Conversely, the Codex Security IDE plugin is a real product surface advantage — Anthropic’s defensive workflows are CLI-led and less embedded in mainstream IDEs.

Trail of Bits’ Linux kernel demo

The most striking proof point. Trail of Bits engineers used Codex with GPT-5.5-Cyber on the Linux kernel — more than 30 million lines of code. The model:

Identified security-relevant components across the codebase
Flagged potential security issues
Validated them dynamically
Generated 8 kernel pointer information leak proof-of-concepts
Generated 24 local privilege escalation exploits

This is the capability that justifies the restricted access model. The same engine that finds privilege escalations for an authorized defender finds them for a state actor if the access controls fail. Trusted Access for Cyber is the human-review wrapper that keeps that asymmetry on the right side.

Microsoft is also in this race

Worth noting: Microsoft’s multi-model agentic security harness reached 88.45% on CyberGym in May 2026 — currently the public leader by that score. That’s a multi-model orchestration result, not a single-model result, but it sets the competitive ceiling. OpenAI’s 85.6% single-model score is a real engineering achievement against that backdrop.

Strategic read

The cyber play is now table stakes for any lab that wants to remain shippable through future regulatory action. Glasswing proved the model. GPT-5.5-Cyber + Patch the Planet is OpenAI’s lift-and-shift implementation. Expect Google DeepMind to follow within months — likely tied to Genesis Mission and Department of Energy partnerships.

For developers and security teams, the practical effect arrives via the IDE: Codex Security and Claude Code defensive workflows are now competing for the same minute of attention in the secure-coding loop. That’s the product war that will determine real-world impact.

Sources

OpenAI Daybreak / GPT-5.5-Cyber launch coverage, June 23, 2026
Trail of Bits Linux kernel demo write-ups
CyberGym leaderboard (llm-stats.com, benchlm.ai)
Microsoft Security blog on agentic scanning, May 12, 2026
Anthropic Project Glasswing and ENISA cooperation reporting, June 18, 2026

Verified June 23, 2026 against same-day launch coverage.