On May 7, OpenAI announced the broad rollout of GPT-5.5 through its Trusted Access for Cyber (TAC) program, and the limited preview of GPT-5.5-Cyber, a more permissive cyber-native variant fine-tuned for advanced defensive workflows.
For verified TAC members like Sophos, GPT-5.5 accelerates the full defensive lifecycle: secure code review, vulnerability triage, malware analysis, detection engineering, and patch validation. GPT-5.5-Cyber goes further. It supports authorized red teaming, penetration testing, and controlled exploitability validation for a smaller group of approved partners. At the same time, OpenAI is tightening verification, requiring phishing-resistant authentication for individual members accessing the most permissive models.
This is the next step in a shift that began earlier this year with the introduction of TAC and the fine-tuning of cyber-permissive variants. The pattern is clear: as frontier capabilities advance, OpenAI is tipping the scales in favor of defenders like Sophos with proportionally stronger verification and accountability around access.
Why this matters now
Two months ago, Anthropic released Claude Mythos to a small set of partners. The disclosed capabilities, including thousands of zero-day vulnerabilities surfaced and a 72.4% exploit development success rate, were significant enough that the U.S. Treasury Secretary and Federal Reserve Chair convened the CEOs of the largest U.S. banks for an emergency briefing on what the technology meant for the resilience of the financial sector. The capability is out. Containment is uncertain.
That is the side of the frontier the adversary has been operating on for months. AI accelerates discovery. AI generates working exploits. AI compresses the gap between a vendor advisory and observed exploitation. (See “AI just became the world’s most dangerous exploit writer” and “AI finds the vulnerabilities, but exploiting them is a different problem” for the deep technical analysis.)
OpenAI’s release this week is significant because it is one of the most aggressive moves yet to put a comparable class of capability on the defenders’ side, backed by an access framework designed to keep it there.
But access alone is not a strategy. It only matters if you have the operational architecture to put it to work. That is where Sophos already lives.
Operating at the Frontier
Sophos has been building for this moment for years. Two pieces of that work matter most for understanding what TAC accelerates.
Sophos Endpoint: built to stop AI-generated zero-days by design
There is a specific argument behind Sophos Endpoint’s architecture that Mythos, and now GPT-5.5-Cyber, make newly relevant.
AI scales discovery. There are millions of vulnerabilities in production software, and frontier models can find them faster than any patch cycle can close them. But AI does not invent new exploitation primitives. To turn any vulnerability (known, unknown, or generated five minutes ago by a model) into a compromise, an attacker still has to corrupt memory in a particular way, redirect execution, escalate privileges, evade behavioral monitoring, or call into the operating system through a carefully crafted sequence. Millions of vulnerabilities. Dozens of techniques.
Sophos Endpoint targets the techniques. More than 60 proprietary exploit mitigations are enabled by default on every protected process, with no per-application tuning, no exclusion lists, and no audit periods. They run in real time on the endpoint, with no dependence on signature updates or cloud lookups. When a brand-new zero-day surfaces, whether generated by Mythos, by a future cyber-permissive model in unauthorized hands, or by anything that comes next, the question is not whether Sophos has seen it before. It is whether the exploit can complete its work without using a constrained primitive. The answer in nearly every realistic case is no.
That is what we mean when we say Sophos Endpoint targets the primitives, not the provenance. The Mythos disclosure was not a preview for us. It was confirmation of an architectural bet we made years ago. Read the technical detail in “AI finds the vulnerabilities, but exploiting them is a different problem.”
Sophos MDR: the world’s largest agentic SOC
The other half of the frontier is operations. Capability without an operating model to wield it is potential, not protection.
Inside Sophos MDR, we re-architected detection and response for the AI era. We did not bolt models onto the existing workflow. We redesigned where humans and AI sit relative to each other, and what each is accountable for. Today, 52% of cases are resolved end-to-end by AI, and our average time from alert to automated response is 89 seconds. Those are not projections. They are operating numbers.
The key word in that re-architecture is accountability. Sophos MDR operates as a human-on-the-loop service, not human-in-the-loop. AI is authorized to act inside well-defined boundaries the analysts set and continuously calibrate. The human is supervising the system, reviewing its work, and stepping in when the situation falls outside the boundary or the stakes warrant it. That is the only operating model that gets you 89-second response times without giving up accountability.
What OpenAI’s Trusted Access for Cyber (TAC) program adds
Our membership in OpenAI’s TAC sharpens both sides of that work.
For Sophos Endpoint and our threat research teams, TAC accelerates how quickly we can analyze novel threats, validate vulnerabilities, harden our own products through internal red teaming, and generate the detection logic that propagates across more than 600,000 defended organizations. When AI is finding bugs faster, the defense has to be researching them faster. TAC removes friction from that work for verified defenders.
For Sophos MDR, TAC adds another input to the operational intelligence we compound across every customer environment. The same agentic infrastructure that resolves cases in 89 seconds becomes a downstream beneficiary of frontier capability brought in upstream. Every novel adversary technique encountered, every edge case solved, every environment defended feeds back into a system that gets smarter with scale.
The combination is the point. Capability without an architecture to apply it is interesting. An architecture without frontier capability gets outpaced. Together, they are how a defense system stays in front of an adversary that is also using AI.
Why TAC’s design is the right model
OpenAI’s approach with TAC matters beyond Sophos’s own use of it.
The hard problem with frontier cyber-capable models has always been that the same capability accelerates attackers and defenders. Make it broadly available without safeguards, and you raise the offensive ceiling. Restrict it severely, and defenders fall behind adversaries who have no procurement cycle and no governance review.
TAC is a serious attempt at a third path. It pairs broad access for verified defenders with proportional safeguards: identity verification, organizational vetting, tiered access, and increasingly stringent authentication requirements as the model gets more permissive. Capability scales with verification. Verification scales with accountability. That is a design principle worth reinforcing across the industry.
Sophos will be early to programs that put frontier capability in defenders’ hands responsibly. The defenders ready for what comes next are the ones operating at the frontier today, on both sides of the architecture: prevention that targets primitives, and operations that run human-on-the-loop. Frontier access is the third leg, and it is now in place.
That is the work. We are glad to be doing it alongside OpenAI and the rest of the TAC community.

