GPT-5.5-Cyber will reach MUFG, SMBC and Mizuho through a verified-defender programme, the finance minister said, as Tokyo treats frontier AI as both threat and shield.

The same models that make cyberattacks cheaper to run are now being handed, deliberately, to the people defending against them. Japan’s three megabanks will gain access to OpenAI’s latest model for cyber defence, Finance Minister Satsuki Katayama said, in a move that treats a frontier system as critical national infrastructure rather than a consumer product.

The model, GPT-5.5-Cyber, will reach MUFG Bank, Sumitomo Mitsui Banking Corporation and Mizuho Bank through what OpenAI calls its “Trusted Access for Cyber” programme, a framework built to put the most capable tools only in the hands of verified defenders.

The logic is gatekeeping: a model good enough to find vulnerabilities at scale is, by definition, dangerous if it reaches the wrong users, so access is rationed to institutions that can be vetted.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!

The arrangement did not come together at the technical level alone. Katayama and US Treasury Secretary Scott Bessent were directly involved in the discussions that opened the collaboration, lending it the character of a government-to-government understanding as much as a commercial supply deal.

Tokyo, in this telling, is procuring cyber defence the way it might procure any other strategic capability.

It also sits inside a wider push. Japan established a public-private working group on AI-related cyber risk in the middle of May, drawing together the major banks, the Bank of Japan and the local units of the leading AI labs.

The body is built around the risks posed by a new class of vulnerability-hunting systems, the most discussed of which has been Anthropic’s Claude Mythos, which Japanese institutions are separately set to access. The OpenAI deal is the second frontier lab to plant a flag in the same defensive coalition.

That detail matters, because it shows two American labs courting the same sovereign customer with near-identical pitches.

Both are positioning cyber-specific versions of their flagship models as tools for national defenders, which amounts to the early formation of an AI defence-contractor market, with banks and finance ministries as the buyers.

There is a structural risk inside the good news. Concentrating the most capable defensive AI in a handful of large, vettable institutions leaves the rest of the financial system, the smaller banks and the fintech startups, on the other side of a widening gap.

A two-tier security landscape, in which the megabanks are well defended and everyone else is more exposed, is a plausible by-product of a programme designed, reasonably, to keep powerful tools out of the wrong hands.

For now, the immediate effect is straightforward. Three of the largest banks in the world will soon have a frontier model pointed at their own defences, supplied through a vetted channel, with two governments having helped broker the terms.

Whether that makes the wider system safer or merely the strongest parts of it is the question the coming months will answer.