On Wednesday, May 27, OpenAI Chief Strategy Officer Jason Kwon stood at a press briefing at the JW Marriott Hotel in Seoul to announce that South Korea and Japan had become the first nations in Asia — and the third globally, after the United States and Canada — to join the Government Trusted Access for Cyber program, the verified-access tier at the heart of OpenAI's Daybreak cybersecurity initiative. The announcement formalized an agreement reached a day earlier between Kwon and Ryu Je-myung, South Korea's second vice minister of science and information and communications technology, and introduced the Korea Cyber Action Plan — a national implementation framework giving Korean government agencies, public institutions, and major domestic companies direct access to OpenAI's most advanced cybersecurity AI models.
"Advanced cyber AI capabilities should not remain in the hands of only a few," Kwon told reporters. "Korea's key defenders should be able to use them to strengthen collective security and public safety."
The announcement arrives as both of the world's leading AI labs have now shipped government-grade cybersecurity platforms within a two-month window. Anthropic launched Project Glasswing in April, and its Claude Mythos Preview model reported finding more than 10,000 high- or critical-severity vulnerabilities across partner organizations as of May 22. For governments and critical infrastructure operators now choosing between competing programs, the Korea rollout marks the clearest signal yet that Daybreak intends to run on a wider access model than its rival.
What GTAC Is and What Korea Can Now Do With It
GTAC is a tiered access structure within Daybreak that gates entry behind identity verification and institutional authorization. South Korean government agencies and public institutions that clear the authorization process gain access to OpenAI's GPT-5.5 with Trusted Access for Cyber, the model tier designed for verified defenders running vulnerability triage, malware analysis, detection engineering, and patch validation. The Korea Internet and Security Agency — South Korea's primary cybersecurity authority — is among the first GTAC participants.
The program extends beyond government to the private sector through the Trusted Access Program, or TAC, which targets companies in South Korea's key industries. OpenAI said it plans to disclose TAC partnership results separately in the coming days.
Read more: OpenAI Launches Daybreak the Same Day Google Confirmed the First AI-Built Zero-Day Attack
At the top of the access ladder sits GPT-5.5-Cyber, a more permissive variant of GPT-5.5 trained to handle specialized defensive workflows — including authorized red-teaming, penetration testing, and controlled validation — that the standard model's safeguards would otherwise restrict. The UK AI Security Institute evaluated GPT-5.5 on a 95-task cybersecurity benchmark in late April and found that it outperformed Anthropic's Claude Mythos Preview on Expert-level tasks, scoring 71.4% against Mythos's 68.6%. The same evaluation, however, found that expert red-teamers were able to develop a universal jailbreak against GPT-5.5's cybersecurity safeguards in six hours of testing — a finding OpenAI has addressed through the tiered access controls and account-level monitoring built into GPT-5.5-Cyber's deployment.
"GPT-5.5-Cyber appears more useful for multi-step security workflows: finding bugs, proposing patches, running tests, interpreting failures and iterating across real codebases," said Daniel Alabi, an assistant professor of electrical and computer engineering at the University of Illinois. "That matters more than benchmark gains."
How Daybreak's Access Model Differs From Glasswing
The central competitive distinction between GTAC and Anthropic's Project Glasswing comes down to breadth. Glasswing currently operates with approximately 50 partner organizations under tightly controlled conditions — access to Claude Mythos Preview has not been made generally available, and Anthropic has publicly stated it will not be until stronger safeguards are developed. GTAC, by Kwon's own account, is designed for broader reach: "In terms of computing capacity, it is possible to have broader access than Glasswing," he told reporters in Seoul.
Hanah-Marie Darley, chief AI officer at Geordie AI, noted that GTAC's access model eliminates a structural bottleneck that has kept enterprise-grade security AI out of smaller organizations. Functionality that previously required enterprise platform contracts or B2B sales cycles is now reachable through a direct model-access pattern — meaning more security teams can experiment with and integrate advanced AI capabilities without waiting for a dedicated product implementation.
Cisco, CrowdStrike, and Palo Alto Networks are partners of both initiatives, though the two programs take different approaches to that overlapping base. Daybreak's 20-plus partner ecosystem spans the full security stack — network edge (Cloudflare, Akamai, Zscaler), endpoint detection (CrowdStrike, SentinelOne), static analysis (Snyk, Semgrep), and offensive research (Trail of Bits, SpecterOps) — while Glasswing maintains a smaller coalition anchored by hyperscalers including Amazon Web Services, Google, Microsoft, and Apple.
OpenAI Expands Korea Partnerships Beyond Cybersecurity
The Korea Cyber Action Plan is the highest-profile element of a broader institutional push OpenAI is making in South Korea. On the same day as the press briefing, OpenAI signed memoranda of understanding with two additional Korean institutions. The Korea Water Resources Corporation — known as K-water — will develop an AI-based water disaster response system with OpenAI to support climate change adaptation. The Korea Technology Finance Corporation will collaborate on AI-based technology assessment. OpenAI is also in discussions with the Korea AI Safety Institute, which the Korean government is currently establishing, and plans to draw on its working relationships with the U.S. and UK AI Safety Institutes to help Korea build domestic model-evaluation capabilities.
The groundwork for the May 27 announcement was laid over the preceding weeks. Sasha Baker, OpenAI's head of national security policy, visited South Korea on May 18 and ran demonstrations of the company's latest cybersecurity models for the Ministry of Science and ICT, the Ministry of Foreign Affairs, the Ministry of the Interior and Safety, the Financial Services Commission, the National AI Strategy Committee, and the National Intelligence Service. Kwon had also met separately with Vice Minister Ryu Je-myung on May 26 to formalize GTAC participation before the public announcement.
What South Korean and Japanese Institutions Need to Do Next
Access to GTAC is not automatic. Korean institutions must complete an authorization process before the tools become available, though Kwon said that once authorization is cleared, access is immediate rather than staged. The structure mirrors how Daybreak works for enterprise customers globally: organizations can request a vulnerability scan from OpenAI directly or enroll through its partner network. Broader deployment of increasingly capable models to verified partners is planned in the coming weeks as part of OpenAI's iterative rollout approach.
OpenAI said EU-GTAC cooperation talks are ongoing. The company had previously offered the European Commission access to its cybersecurity tools as part of a cyber action plan; the Commission acknowledged the offer, and discussions are continuing.
For security teams in GTAC-eligible nations not yet enrolled, the most consequential near-term question is governance — specifically, whether existing authorization, audit logging, and CI/CD approval infrastructure is sufficient to incorporate a model with repository-level access. Organizations that clear the GTAC process gain access to tools that independent evaluators confirm are among the most capable on the market for multi-step defensive workflows. The authorization process itself is the first step; institutional readiness to use the tools safely is a parallel preparation.
Frequently Asked Questions
What is OpenAI's GTAC program and which countries can join?
GTAC — Government Trusted Access for Cyber — is the government-focused tier of OpenAI's Daybreak cybersecurity initiative, giving verified government agencies, public institutions, and companies in key industries access to OpenAI's most advanced cybersecurity AI models. As of May 2026, the program is open to the United States, Canada, South Korea, and Japan, with EU-GTAC talks ongoing.
How does OpenAI Daybreak's access model compare to Anthropic's Project Glasswing?
Daybreak operates under a broader access model: organizations outside the government tier can request a vulnerability scan or enroll through OpenAI's 20-plus partner network without a curated invitation. Glasswing currently operates with approximately 50 partner organizations under tighter controls, and Anthropic has stated that its Claude Mythos Preview model will not be made generally available until stronger safeguards are developed.
What is GPT-5.5-Cyber and who can use it?
GPT-5.5-Cyber is a cybersecurity-permissive variant of OpenAI's GPT-5.5 model, trained to handle specialized defensive workflows — including authorized red-teaming and penetration testing — that the standard model restricts. Access requires enrollment in the Trusted Access for Cyber program and, beginning June 1, 2026, phishing-resistant account security on all individual accounts.
What did the UK AI Security Institute's evaluation find about GPT-5.5?
The UK AI Security Institute published an independent evaluation of GPT-5.5 on April 30, 2026, finding it achieved a 71.4% pass rate on Expert-level cybersecurity tasks — the highest score the institute had recorded for any model tested. The same evaluation also found that expert red-teamers developed a universal jailbreak against the model's cybersecurity safeguards in six hours, a finding that informs the access controls and monitoring requirements attached to GPT-5.5-Cyber.
ⓒ 2026 TECHTIMES.com All rights reserved. Do not reproduce without permission.
