Experts at Canada’s Communications Security Establishment will be given access to GPT-5.5-Cyber - which can be used to hunt and fix software vulnerabilities - under OpenAI's 'trusted access' program.Graeme Roy/The Canadian Press
Canada’s Communications Security Establishment will soon get access to OpenAI’s latest artificial intelligence model for cybersecurity testing after senior federal government officials and company staff met in Ottawa on Wednesday, according to two sources familiar with the matter.
San Francisco-based OpenAI released its latest model, called GPT-5.5, in April with strict guardrails for the public. The company also has a more permissive version called GPT-5.5-Cyber that can be used to hunt for and fix vulnerabilities in software. OpenAI is rolling it out to companies and other institutions through what it calls its “trusted access” program.
Experts at the CSE, which serves as the country’s main cryptological and cybersecurity agency, will be able to use the model to identify flaws in software related to critical infrastructure. OpenAI will expand access to Canadian industry over time, according to the sources.
The Globe and Mail is not identifying the sources because they are not authorized to discuss the matter.
The ability for bad actors to use powerful AI models to assist with hacking is a growing concern for governments, regulators and financial institutions. Anthropic, an OpenAI rival, ignited these worries in April when it released details of its latest model, Claude Mythos Preview, which it said was far more adept at finding software vulnerabilities than previous versions. Anthropic did not release the model publicly, but is granting access to companies to test their own systems and shore up defences.
Opinion: Mythos sets the world on edge. What comes next may push us beyond
A number of U.S. companies are already part of OpenAI’s access program, including Bank of America, BlackRock, Goldman Sachs, CrowdStrike, Palo Alto Networks, and others. European firms such as Deutsche Telekom are part of the program, too.
OpenAI has started expanding access to U.S. federal government departments and agencies, and has previously briefed Five Eyes countries on the model’s capabilities. The company has also offered access to the European Commission and key member states.
The company said in a blog post this month that its access program is designed for “defenders responsible for securing critical infrastructure.”
Anthropic’s AI model sparks rush from industry, government to batten down defence hatches
The AI Security Institute (AISI) in Britain tested GPT-5.5-Cyber recently and said it was on par with Mythos Preview, adding that it was the second model to complete a multi-step cyberattack simulation. OpenAI’s model did so in two of 10 attempts, while Mythos Preview completed it successfully three times.
AISI previously said that Mythos Preview was more capable than other models at autonomously exploiting vulnerabilities in weakly defended systems, but could not say for certain whether it could attack better defended systems.
Anthropic staff met with federal AI Minister Evan Solomon and officials from Innovation, Science and Economic Development in April to discuss the model’s capabilities.
“We have long known the models are going to become significantly more challenging,” Mr. Solomon said in an interview with journalists earlier this week, adding that Canada is in contact with G7 allies about the issue.