OpenAI pulls the same gatekeeping move it mocked Anthropic for

Remember when OpenAI took shots at Anthropic for keeping Mythos on a short leash? Good times. Now the shoe’s on the other foot.

OpenAI just announced it’s rolling out GPT-5.5 Cyber — its fancy new cybersecurity testing tool — exclusively to “critical cyber defenders” at launch. That’s a polite way of saying: if you’re not a government agency, a major security firm, or someone with the right connections, you’re not getting in.

The timing is what stings. Not long ago, OpenAI was publicly questioning why Anthropic would limit access to Mythos, their own powerful AI model. The implication was clear: we’d never do that. We believe in open access. We trust the community.

And now this.

Look, I get the reasoning. Cybersecurity tools are dangerous in the wrong hands. GPT-5.5 Cyber can probe systems, find vulnerabilities, and — in theory — be used offensively. OpenAI wants to prevent bad actors from weaponizing it. That’s fair.

But the same logic applied to Mythos. Anthropic was worried about misuse too. They chose to limit access to vetted researchers and organizations. OpenAI called them out for it.

Now OpenAI is doing the exact same thing, just with a different label. “Critical cyber defenders” instead of “approved researchers.” Same gatekeeping, different PR spin.

What makes this worse is the lack of transparency. Who decides who’s a “critical cyber defender”? What criteria are they using? Is this an internal panel, or are they outsourcing the decision? OpenAI hasn’t said. The rollout plan is vague: “at first” suggests it might expand later, but there’s no timeline, no threshold, no roadmap.

I’ve been around long enough to watch this pattern repeat across the industry. A company launches a powerful tool, promises responsible access, then quietly tightens the screws. The difference here is OpenAI already had a chance to take the high road. They chose to throw stones instead.

Don’t get me wrong — I’m not saying GPT-5.5 Cyber should be handed out like candy. AI-powered security tools are genuinely dangerous. But if you’re going to restrict access, at least own it. Don’t pretend you’re morally superior to competitors doing the same thing.

The real question is: will OpenAI learn from this, or will they keep repeating the same mistakes? Given their track record, I’m not holding my breath.