OpenAI has offered nine major UK banks access to GPT-5.5 Cyber, its specialized cybersecurity agent, after Anthropic blocked them from previews of Claude Mythos, its autonomous agent designed for cyber defense. The banks include Lloyds Banking Group, HSBC, and Nationwide, according to BBC News. NatWest and Santander already have access under existing agreements.
Comparable Performance, Different Access Policies
The UK AI Security Institute tested both agents and found they reached “a similar level of performance” on defensive security tasks, according to BBC News.
Anthropic initially opened Mythos access to a collective of 42 companies, mostly US tech firms. The restriction left UK banks unable to test the tool against their own systems. Bank of England Governor Andrew Bailey warned last week that UK banks still could not access Mythos.
Anthropic told the BBC it believes Mythos’ capabilities “sit in a tier above 5.5 Cyber” and therefore require more caution. The company said it is “urgently working to expand access.” Anthropic put $100 million toward Mythos previews, according to BBC News.
OpenAI has taken a broader approach. Former UK Chancellor George Osborne, now a senior executive at OpenAI, told the BBC the firm did not want to “hide it away or keep it to ourselves.” He confirmed that, like Mythos, 5.5 Cyber would not become available to all. “The key things with these tools is that they need to be in the hands of the right people,” Osborne said.
OpenAI has already opened 5.5 Cyber access in the EU, Japan, and Canada, according to BBC News.
Why Old Code Matters
Mythos generated attention in April by reportedly finding a vulnerability in one legacy system that had remained hidden for nearly 30 years, according to BBC News.
Prof. Alan Woodward, a cybersecurity expert at Surrey University, told the BBC that these agents are “relentless and incredibly thorough in sorting through the millions of lines of code which are in banking apps alone.” He noted that UK banking systems often run on very old code where AI scanning is particularly useful, but the tools also surface false positives, requiring human verification of findings.
The Competitive Dynamic
The episode marks the first time a major model provider has explicitly positioned a product against a competitor’s access restrictions. OpenAI is not just selling a cybersecurity agent. It is selling availability where Anthropic has imposed scarcity.
For banks evaluating autonomous agents for production security work, the choice is between a tool they can access now and a tool that may be more capable but unavailable. Both firms charge for usage. The UK AI Security Institute’s finding that performance is comparable on defensive tasks removes one variable from that decision.