On May 11 the European Commission said OpenAI proposed hands‑on access to its GPT‑5.

On May 11 the European Commission confirmed that OpenAI has proposed granting EU regulators hands‑on access to its GPT‑5.5 Cyber model so officials can conduct security reviews and monitor deployment. The offer, the Commission said, would let agencies interact directly with the model to probe potential security issues — a practical step toward verifying mitigation claims and oversight of frontier AI systems.

Commission spokesperson Thomas Regnier welcomed OpenAI’s proposal and said discussions between OpenAI and EU bodies are already underway and will continue this week. Regnier named candidate recipients for any access, including the EU’s AI Office, the European Union Agency for Cybersecurity (ENISA) and DG Connect’s cybersecurity directorate, but he did not identify the specific individuals or office holders who would receive the model.

By contrast, engagement with Anthropic has so far been slower and less concrete. The Commission says it has held “four to five meetings” with Anthropic about its Mythos model but has not secured equivalent hands‑on review access. Anthropic has limited Mythos testing to selected technology partners and cybersecurity firms under its Project Glasswing program; publicly, only the British AI Security Institute has been reported to have direct testing access.

Officials and industry observers say the divergent responses from the two leading model builders highlight an oversight gap: European regulators currently lack broad, enforceable powers to inspect frontier models and therefore depend on voluntary company cooperation. Regnier invoked existing and pending legislation — the EU AI Act and the Cyber Resilience Act-and urged faster passage of a proposed Cybersecurity Act to strengthen the regulatory toolkit available to authorities.

How any granted access would be protected against compromise or leakage remains unresolved. Reporters asked whether the Commission is preparing technical and operational safeguards if EU offices or agencies receive model copies or interfaces; Regnier said appropriate precautions would be taken but declined to outline specifics at this stage. That uncertainty underscores a practical problem for builders and deployers: without enforceable inspection powers, regulators will need transparency from companies to validate safeguards and shape compliance expectations.

OpenAI’s voluntary offer could serve as a preview of cooperative oversight that helps regulators test and calibrate policy; Anthropic’s reticence suggests continued friction that may delay regulator testing and slow the development of shared compliance standards and deployment controls.