Nine banks get OpenAI cyber tool after Anthropic blocks preview

Nine major UK banks have been offered access to OpenAI’s GPT-5.5 Cyber after Anthropic blocked previews of its rival tool, putting a commercial race at the center of bank security planning. The split has sharpened a larger question: who gets to supply the AI systems that help defend the institutions the financial system depends on.

Bank of England Governor Andrew Bailey said on May 29 that UK banks still had not gained access to Anthropic’s Mythos model six weeks after it first raised concern. Bailey said the delay appeared to be caught up in U.S. political considerations, and he warned that banks cannot treat cyber resilience as a single-firm problem because major lenders are tightly interconnected. If one institution is exposed, the risk does not stop at its own balance sheet.

Anthropic’s own UK AI Security Institute had already flagged why the model drew attention. On April 13, the institute said Claude Mythos Preview showed continued improvement in capture-the-flag challenges and significant improvement in multi-step cyber-attack simulations. It said the model succeeded 73% of the time on expert-level capture-the-flag tasks and solved a 32-step cyber range, called The Last Ones, that was estimated to take humans about 20 hours to complete. The results reinforced the appeal of frontier models as defensive tools, but they also made access control a policy issue, not just a technical one.

OpenAI moved in parallel. On May 7, it said GPT-5.5-Cyber was rolling out in limited preview to vetted cybersecurity teams, and on May 11 it said it would grant European Union access. OpenAI has framed the program as Trusted Access for Cyber, an identity- and trust-based framework for verified defenders working on vulnerability identification, triage, malware analysis, reverse engineering, detection engineering and patch validation.

The competition has left banks and regulators with a procurement problem that is also a governance problem. Anthropic has limited access to selected companies and agencies, while OpenAI has widened access to vetted defenders. For financial institutions, the choice is no longer only about which model performs better in a lab. It is about which vendor is trusted to help guard payment systems, lending networks and customer data across borders where U.S., UK and European regulators are all trying to define the rules before the next breach does it for them.