OpenAI will grant the European Commission, EU institutions, and vetted European cybersecurity teams preview access to GPT-5.5-Cyber, the company announced Monday. The move comes through a new “OpenAI EU Cyber Action Plan” and represents a significant expansion of the model’s availability beyond the limited U.S. preview announced May 7. Anthropic, which released its own agentic cybersecurity model Mythos a month ago, has not granted the EU similar access. This follows NCT’s earlier coverage of the GPT-5.5-Cyber launch.

EU Commission Responds

Commission Spokesperson Thomas Regnier confirmed at a Monday press briefing that an exchange had taken place between OpenAI and the EU. “We welcome OpenAI’s transparency and intent to give commission access to new model,” Regnier said, according to CNBC. “This will allow us to follow deployment of the model very closely, and address security concerns.”

On Anthropic, Regnier acknowledged “four or five” meetings but said discussions with the company were “not yet at the same stage as the solution we have on the table from OpenAI.”

Anthropic’s Silence

Mythos launched approximately one month ago and triggered fears about autonomous cyberattacks on critical infrastructure, according to CNBC. Despite the EU’s outreach, Anthropic has not offered the Commission preview access to review the model’s capabilities. CNBC reported that Anthropic has been approached for comment but did not include a response.

The contrast is stark. Both models have agentic capabilities for infrastructure scanning and vulnerability discovery. OpenAI is granting sovereign institutions the ability to evaluate those capabilities firsthand. Anthropic has declined.

OpenAI’s Regulatory Play

George Osborne, OpenAI’s Head of OpenAI for Countries, framed the access grant in cooperative terms. “AI labs like ours shouldn’t be the sole arbiters of cyber safety as resilience depends on trusted partners working together,” Osborne said in a statement to CNBC. “The latest cyber AI capabilities should be available for Europe’s many defenders, not just the few.”

The EU Cyber Action Plan positions OpenAI as willing to work within European governance structures rather than against them. For a company navigating the EU AI Act’s compliance requirements, this is not purely altruistic.

Two Strategies for Sovereign AI Access

The divergence maps cleanly onto each company’s broader regulatory posture. OpenAI has consistently moved toward cooperative frameworks with governments: the Trusted Access for Cyber (TAC) program for U.S. defenders, and now the EU Cyber Action Plan for European institutions. Anthropic has taken a more restrictive approach, limiting access while maintaining its own safety evaluation processes.

For EU policymakers writing enforcement rules for agentic AI models in critical infrastructure, the question is now concrete: should sovereign institutions have the right to evaluate agentic cybersecurity models deployed within their borders? OpenAI is betting the answer is yes. Anthropic’s position, at least for now, leaves that question unanswered.