惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

B
Blog RSS Feed
博客园_首页
N
News | PayPal Newsroom
有赞技术团队
有赞技术团队
The Hacker News
The Hacker News
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
The Cloudflare Blog
S
SegmentFault 最新的问题
Jina AI
Jina AI
人人都是产品经理
人人都是产品经理
P
Privacy & Cybersecurity Law Blog
AI
AI
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Schneier on Security
Schneier on Security
博客园 - 三生石上(FineUI控件)
月光博客
月光博客
量子位
Forbes - Security
Forbes - Security
爱范儿
爱范儿
云风的 BLOG
云风的 BLOG
SecWiki News
SecWiki News
Last Week in AI
Last Week in AI
酷 壳 – CoolShell
酷 壳 – CoolShell
T
Tor Project blog
Recorded Future
Recorded Future
A
About on SuperTechFans
J
Java Code Geeks
The Register - Security
The Register - Security
PCI Perspectives
PCI Perspectives
H
Hacker News: Front Page
V2EX - 技术
V2EX - 技术
S
Secure Thoughts
V
Vulnerabilities – Threatpost
Hacker News: Ask HN
Hacker News: Ask HN
MongoDB | Blog
MongoDB | Blog
N
Netflix TechBlog - Medium
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Scott Helme
Scott Helme
T
The Exploit Database - CXSecurity.com
Y
Y Combinator Blog
AWS News Blog
AWS News Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
IT之家
IT之家
T
The Blog of Author Tim Ferriss
G
Google Developers Blog
C
CERT Recently Published Vulnerability Notes
L
LangChain Blog
F
Full Disclosure
Application and Cybersecurity Blog
Application and Cybersecurity Blog
The GitHub Blog
The GitHub Blog

Sophos Blogs

Sophos and the Cybersecurity Poverty Line You do surprise me.exe: An unexpected executable in Hola Browser You do surprise me.exe: An unexpected executable in Hola Browser Pointing a Cursor at evading detection Pointing a Cursor at evading detection Pointing a Cursor at evading detection Canvas attack aftermath: What risks come next Canvas attack aftermath: What risks come next? Gartner EPP MQ-17 Sophos named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection Platforms for the 17th consecutive report GitHub internal repositories breached. GitHub internal repositories breached WantToCry ransomware remotely encrypts files WantToCry ransomware remotely encrypts files Why AMOS matters: The macOS malware stealing data at scale Why AMOS matters: The macOS malware stealing data at scale May’s Patch Tuesday hauls out 132 CVEs May’s Patch Tuesday hauls out 132 CVEs Operating inside the lethal trifecta: Blast radius reduction in AI agent deployments Sophos Endpoint in action: Blocking a novel supply chain attack Inside the lethal trifecta: Blast radius reduction in AI agent deployments Ransomware: AI changes the writer. It doesn't change the math. Donuts and Beagles: Fake Claude site spreads backdoor QEMU abused to evade detection and enable ransomware delivery Adobe Reader zero-day vulnerability in active exploitation We let OpenClaw loose on an internal network. Here’s what it found The vulnerability flood is here. Here’s what it means – and how to prepare Is compliance complexity outpacing IT capacity? Sophos named a 2026 Gartner® Peer Insights™ Customers' Choice for Managed Detection and Response Amazon GuardDuty enhances detection efficacy with Sophos threat intelligence Axios npm package compromised to deploy malware The Cybersecurity Trust Reality in 2026 The High Cost of Low Trust: Our Commitment to Radical Transparency Incident responders, s'il vous plait: Invites lead to odd malware events Sophos Firewall、「G2 Spring 2026」レポートでファイアウォールソリューション総合第1位を獲得 世界の CISO の現状: 無視できないリーダーシップギャップの大きさ レポートのエンドポイント、EDR、XDR、MDR、ファイアウォール各部門で総合 1 位に Android devices ship with firmware-level malware March Patch Tuesday visits 15 product families From Security Operations to Security Leadership: Sophos CISO Advantage
GPT-5.5-Cyber is here. What it means for defenders operating at the frontier.
2026-05-11 · via Sophos Blogs

On May 7, OpenAI announced the broad rollout of GPT-5.5 through its Trusted Access for Cyber (TAC) program, and the limited preview of GPT-5.5-Cyber, a more permissive cyber-native variant fine-tuned for advanced defensive workflows.

For verified TAC members like Sophos, GPT-5.5 accelerates the full defensive lifecycle: secure code review, vulnerability triage, malware analysis, detection engineering, and patch validation. GPT-5.5-Cyber goes further. It supports authorized red teaming, penetration testing, and controlled exploitability validation for a smaller group of approved partners. OpenAI is also tightening verification at the same time, requiring phishing-resistant authentication for individual members accessing the most permissive models.

This is the next step in a shift that began earlier this year with the introduction of TAC and the fine-tuning of cyber-permissive variants. The pattern is clear: as frontier capabilities advance, OpenAI is tipping the scales in favor of defenders like Sophos with proportionally stronger verification and accountability around access.

Why this matters now

On April 7, Anthropic released Claude Mythos to a small set of partners as part of an initiative called "Project Glasswing." The disclosed capabilities, including thousands of zero-day vulnerabilities surfaced and a 72.4% exploit development success rate, were significant enough that the U.S. Treasury Secretary and Federal Reserve Chair convened the CEOs of the largest U.S. banks for an emergency briefing on what the technology meant for the resilience of the financial sector. The capability is out. Containment is uncertain.

That is the side of the frontier the adversary has been operating on for months. AI accelerates discovery. AI generates working exploits. AI compresses the gap between a vendor advisory and observed exploitation. (See AI just became the world’s most dangerous exploit writer and AI finds the vulnerabilities, but exploiting them is a different problem for the deep technical analysis.)

OpenAI’s release this week is significant because it is one of the most aggressive moves yet to put a comparable class of capability on the defenders’ side, backed by an access framework designed to keep it there.

But access alone is not a strategy. It only matters if you have the operational architecture to put it to work. That is where Sophos already lives.

Sophos has been building for this moment for years. Two pieces of that work matter most for understanding what TAC accelerates.

Sophos Endpoint: built to stop AI-generated zero-days by design

There is a specific argument behind Sophos Endpoint’s architecture that Mythos, and now GPT-5.5-Cyber, make newly relevant.

AI scales discovery. There are millions of vulnerabilities in production software, and frontier models can find them faster than any patch cycle can close them. But AI does not invent new exploitation primitives. To turn any vulnerability into a compromise, known, unknown, or generated five minutes ago by a model, an attacker still has to corrupt memory in a particular way, redirect execution, escalate privileges, evade behavioral monitoring, or call into the operating system through a carefully crafted sequence. Millions of vulnerabilities. Dozens of techniques.

Sophos Endpoint targets the techniques. More than 60 proprietary exploit mitigations are enabled by default on every protected process, with no per-application tuning, no exclusion lists, and no audit periods. They run in real time on the endpoint, with no dependence on signature updates or cloud lookups. When a brand-new zero-day surfaces, whether generated by Mythos, by a future cyber-permissive model in unauthorized hands, or by anything that comes next, the question is not whether Sophos has seen it before. It is whether the exploit can complete its work without using a constrained primitive. The answer in nearly every realistic case is no.

That is what we mean when we say Sophos Endpoint targets the primitives, not the provenance. The Mythos disclosure was not a preview for us. It was confirmation of an architectural bet we made years ago. Read the technical detail in AI finds the vulnerabilities, but exploiting them is a different problem.

Sophos MDR: the world’s largest agentic SOC

The other half of the frontier is operations. Capability without an operating model to wield it is potential, not protection.

Inside Sophos MDR, we re-architected detection and response for the AI era. We did not bolt models onto the existing workflow. We redesigned where humans and AI sit relative to each other, and what each is accountable for. Today, 52% of cases are resolved end-to-end by AI, and our average time from alert to automated response is 89 seconds. Those are not projections. They are operating numbers.

The key word in that re-architecture is accountability. Sophos MDR operates as a human-on-the-loop service, not human-in-the-loop. AI is authorized to act inside well-defined boundaries the analysts set and continuously calibrate. The human is supervising the system, reviewing its work, and stepping in when the situation falls outside the boundary or the stakes warrant it. That is the only operating model that gets you 89-second response times without giving up accountability. 

What OpenAI’s Trusted Access for Cyber (TAC) program adds

Our membership in OpenAI’s TAC sharpens both sides of that work.

For Sophos Endpoint and our threat research teams, TAC accelerates how quickly we can analyze novel threats, validate vulnerabilities, harden our own products through internal red teaming, and generate the detection logic that propagates across more than 600,000 defended organizations. When AI is finding bugs faster, the defense has to be researching them faster. TAC removes friction from that work for verified defenders.

For Sophos MDR, TAC adds another input to the operational intelligence we compound across every customer environment. The same agentic infrastructure that resolves cases in 89 seconds becomes a downstream beneficiary of frontier capability brought in upstream. Every novel adversary technique encountered, every edge case solved, every environment defended feeds back into a system that gets smarter with scale. 

The combination is the point. Capability without an architecture to apply it is interesting. An architecture without frontier capability gets outpaced. Together, they are how a defense system stays in front of an adversary that is also using AI.

Why TAC’s design is the right model

OpenAI’s approach with TAC matters beyond Sophos’s own use of it.

The hard problem with frontier cyber-capable models has always been that the same capability accelerates attackers and defenders. Make it broadly available without safeguards, and you raise the offensive ceiling. Restrict it severely, and defenders fall behind adversaries who have no procurement cycle and no governance review.

TAC is a serious attempt at a third path. It pairs broad access for verified defenders with proportional safeguards: identity verification, organizational vetting, tiered access, and increasingly stringent authentication requirements as the model gets more permissive. Capability scales with verification. Verification scales with accountability. That is a design principle worth reinforcing across the industry.

Sophos will be early to programs that put frontier capability in defenders’ hands responsibly. The defenders ready for what comes next are the ones operating at the frontier today, on both sides of the architecture: prevention that targets primitives, and operations that runs human-on-the-loop. Frontier access is the third leg, and it is now in place.

That is the work. We are glad to be doing it alongside OpenAI and the rest of the TAC community.