On April 30, 2026, Sam Altman posted on X that OpenAI would start rolling out GPT-5.5-Cyber to "critical cyber defenders" within days. The model is a permissive variant of GPT-5.5 — the one the Loop covered as "Spud" — wired into a gated distribution channel called Trusted Access for Cyber. Access is restricted to governments, critical infrastructure operators, security vendors, cloud platforms, and financial institutions, with KYC verification required before anyone gets a key.

Three weeks earlier, on April 7, Anthropic announced Project Glasswing — a coalition built around Claude Mythos Preview, the model the Loop has also covered. Twelve launch partners, around 40 more critical-infrastructure organizations behind them, $100 million in usage credits committed by Anthropic, $4 million in donations to open-source security maintainers. Mythos is not for sale. You either get into Glasswing or you don't see the model at all.

Read those two paragraphs back to back. Two of the three frontier labs have, in the span of three weeks, shipped almost the same product: a frontier cyber-AI gated by KYC, distributed through a partner consortium, available to roughly the same room of US financial institutions and US-headquartered security vendors. The differences are decoration. The structure is the story.

The customer rosters overlap embarrassingly

The Trusted Access for Cyber participant list, as confirmed by The Hacker News and Cybersecurity News, includes Bank of America, BlackRock, BNY, Citi, Goldman Sachs, JPMorgan Chase, Morgan Stanley — basically the US bank-tier-one membership card — alongside Cisco, Cloudflare, CrowdStrike, NVIDIA, Oracle, Palo Alto Networks, SpecterOps, iVerify, and Zscaler.

The Project Glasswing launch partner list, per Anthropic's own page, includes Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks.

The intersection is not a coincidence. Cisco, CrowdStrike, NVIDIA, Palo Alto Networks, and JPMorgan Chase are in both programs. Whatever "trusted" means in trusted-access programs, in 2026 it overwhelmingly means we already had a procurement relationship and a vetted security team, and it is denominated in dollars and US incorporation papers. The cyber-AI club is the same club twice.

The AISI threshold both labs crossed

The technical reason both vendors gated their cyber models in the same month is a benchmark, not a vibe. The UK AI Security Institute's 32-step network attack simulation became the de-facto trip-wire: clear it convincingly and the model is "too capable" to ship into ChatGPT or Claude.api as-is.

The two labs cleared it within a hair of each other. Per the technical writeup of OpenAI's announcement, GPT-5.5-Cyber completes the simulation in 2 of 10 attempts and scores 81.8% on CyberGym; Mythos Preview manages 3 of 10 and 83.1% on the comparable cyber vulnerability reproduction benchmark. Both got the internal "High" capability rating in their respective frameworks. Both stopped short of the "Critical" threshold that would trigger something more drastic than a club-membership policy.

If you wanted to know why two labs landed at the same gating model in the same month, that is the answer. The benchmarks they're racing on declared both products simultaneously eligible for the same compliance bin.

The differences worth noting

Three real distinctions between the two programs, none of which change the basic shape.

OpenAI sells two SKUs; Anthropic sells none. The standard GPT-5.5 ships with the safety stack on, refusing the kind of binary-reverse-engineering and exploit-development tasks Trusted Access defenders need. GPT-5.5-Cyber turns those refusals down for vetted accounts. Anthropic, by contrast, won't sell Mythos at all — "we don't plan to make the model generally available" is the operative line. Anthropic monetises Glasswing in usage credits and prestige; OpenAI monetises Trusted Access in API revenue from a smaller, vetted customer base.

The grant programs point in opposite directions. Anthropic's $100M is for the consortium itself — the people already in the room. OpenAI's $10M Cybersecurity Grant Program is API credits for under-resourced defenders who couldn't afford the bill otherwise. Anthropic is subsidising the F500. OpenAI is subsidising the local utility CISO. Both are defensible, neither is the same plan.

Mythos has the headline scalps. Project Glasswing's launch came with zero-day disclosures including a 27-year-old OpenBSD remote-crash bug and a 16-year-old FFmpeg flaw — vulnerabilities that survived three decades of human review. OpenAI's announcement is, so far, a model and a process and a participant list. The bug count, if there is one, has not been published.

The patch problem nobody is solving

The most uncomfortable finding of the past month came from outside both vendors. The Hacker News reported that fewer than 1% of the vulnerabilities Mythos identified during the Glasswing preview have been patched. The gating regime is correctly calibrated to keep dangerous capability away from attackers. It is doing nothing to shorten the four-day-cycle calendar maintainers actually patch on.

That is the genuine asymmetry, and it is not the one the press releases want to talk about. Discovery has been industrialised. Remediation has not. A locked club of vetted defenders running a frontier model can produce a thousand validated zero-days a week and ship them to a Linux maintainer who has a day job and a backlog. The bottleneck moved. The funding did not.

Goldman is in this room — and that's funny, given Tuesday

The footnote nobody is putting in print: Goldman Sachs is on the Trusted Access participant list, and JPMorgan is on both. Tuesday's news, per the Loop's previous coverage, was that Goldman had cut its Hong Kong staff off from Anthropic's Claude on a strict reading of Anthropic's supported-regions page.

The same compliance team that decided Hong Kong was outside the country list is, in New York, presumably a Trusted Access for Cyber participant on the OpenAI side and — given JPMorgan's presence in both programs — likely paying close attention to what its peers are doing on the Anthropic side. The trusted-access club admits Goldman New York and excludes Goldman Hong Kong by the same instrument. That is a sentence that costs a compliance team five figures to write.

What to watch

1. Whether DeepSeek and Mistral build the same gate. Both shipped frontier-class models this month. Neither has published a Trusted Access analogue. If they don't, "trusted access" becomes a US-lab-only structural moat — and the gap between US-aligned cyber-AI and everything else hardens into a policy fault line within a quarter.
2. Whether the AISI 32-step number becomes a public threshold. Right now it is doing the work of an export control without anyone calling it that. If a third lab clears it, the benchmark stops being internal capability lore and starts being a regulatory cut-off in plain sight.
3. Who pays for the patch side. The 1% remediation rate is the embarrassment that will not be solved by another $100M in model credits. The next plausible move is a labour-and-bounty program funded by the same consortium that paid for the discovery side. If neither lab announces one within two months, the gap widens on purpose.

The frontier labs are now distributing their best cybersecurity models the way the US government distributes top-secret cleared work: through a vetted list, against signed paperwork, to a roster that is mostly American and mostly already known to the vendor. Three weeks ago this was Anthropic's idiosyncrasy. Today it is the default. Whoever joins the club next will not have to invent the membership form.