OpenAI expands GPT-5.5 cyber defense access to Europe through new EU action plan

The EU-focused rollout gives trusted European defenders access to frontier cyber AI tools, with governments, businesses, cyber agencies, and EU institutions included in the plan.

OpenAI has announced an EU Cyber Action Plan to expand access to GPT-5.5 and GPT-5.5-Cyber for trusted cyber defenders across Europe, giving the region a dedicated route into the company’s frontier cyber AI program.

The plan covers European businesses, governments, cyber agencies, and EU institutions, including the EU AI Office. It follows OpenAI’s wider rollout of Trusted Access for Cyber, a verification-based framework designed to give approved defenders broader access to cybersecurity workflows while maintaining restrictions on harmful use.

Martin Signoux, AI Policy Lead at OpenAI, announced the European plan on LinkedIn and wrote: “Today, we are bringing to Europe unprecedented cyber defense capabilities that have not been available in the region until now.”

He added: “We are announcing the OpenAI EU Cyber Action Plan, expanding access to frontier cyber AI across Europe for trusted cyber defenders.”

Europe gets dedicated access to OpenAI cyber AI tools

OpenAI says the EU Cyber Action Plan will expand Trusted Access for Cyber to verified European partners using GPT-5.5 and GPT-5.5-Cyber.

The move gives Europe a specific policy and operational route into OpenAI’s cyber defense program at a time when AI models are becoming more capable in security work. OpenAI says GPT-5.5 with Trusted Access for Cyber is intended for most defensive workflows, including secure code review, vulnerability triage, malware analysis, detection engineering, and patch validation.

GPT-5.5-Cyber is being rolled out in limited preview for more specialized authorized workflows, including controlled red teaming, penetration testing, and validation work. OpenAI says the model is not expected to significantly outperform GPT-5.5 across every cyber evaluation, but has been trained to be more permissive on security-related tasks for approved users.

For European organizations, the plan extends beyond access to a model. It places cyber AI inside a trust-based structure involving identity verification, account-level controls, approved-use scoping, and monitoring.

Safeguards shape the trusted access model

Signoux linked the EU plan to OpenAI’s earlier cyber safety work and its 2023 Preparedness Framework, which includes cybersecurity risk.

He wrote: “AI is reshaping cybersecurity. Over the past year, AI model capabilities have advanced rapidly, warranting greater efforts to strengthen cyber resilience. We need to build this together. Europe’s preparedness will be strongest when trusted cyber defenders have access to advanced tools, paired with appropriate safeguards, oversight, and operational cooperation.”

OpenAI’s Trusted Access for Cyber framework is designed to reduce refusals for verified defenders working in authorized environments, while continuing to block requests linked to malicious activity. OpenAI says safeguards remain in place against credential theft, stealth, persistence, malware deployment, and exploitation of third-party systems.

The company has also set stronger account requirements for users with access to its most cyber-capable and permissive models. Individual members of Trusted Access for Cyber will be required to enable Advanced Account Security from June 1, 2026. Organizations can alternatively attest that they use phishing-resistant authentication through single sign-on.

OpenAI’s current access structure separates default GPT-5.5 use from GPT-5.5 with Trusted Access for Cyber and GPT-5.5-Cyber. The default model keeps standard safeguards for general work. Trusted Access for Cyber gives verified defenders more precise safeguards for defensive tasks. GPT-5.5-Cyber allows more permissive behavior for specialized authorized workflows, with stronger verification and controls.

Cyber AI puts skills and governance under pressure

OpenAI’s European rollout comes as cyber defense, AI skills, and workforce readiness are becoming more closely linked. The company says approved customers will be able to use trusted access to support security education, defensive programming, and responsible vulnerability research.

Its wider cyber program includes work with security vendors across network protection, vulnerability research, detection and monitoring, and software supply chain security. Partners named in OpenAI’s broader Trusted Access for Cyber work include Cisco, CrowdStrike, Palo Alto Networks, Oracle, Zscaler, Cloudflare, Akamai, Fortinet, Intel, Qualys, Rapid7, Tenable, Trail of Bits, SentinelOne, Okta, Netskope, Snyk, Gen Digital, Semgrep, and Socket.

OpenAI says GPT-5.5-Cyber scored 81.9 percent on CyberGym, compared with 81.8 percent for GPT-5.5, 79.0 percent for GPT-5.4, and 73.1 percent for Claude Opus 4.7. The company says GPT-5.5 with Trusted Access for Cyber remains the recommended starting point for most security workflows.

The EU Cyber Action Plan now gives OpenAI a clearer route into Europe’s cyber defense ecosystem. The next test is whether European partners can pair access to GPT-5.5 and GPT-5.5-Cyber with enough training, governance, and verified defensive use cases to make frontier cyber AI operational beyond specialist teams.