OpenAI has granted nine major UK banks access to GPT-5.5 Cyber, its cybersecurity-focused AI model, as debate continues over how advanced AI security tools should be deployed across critical financial infrastructure.
The rollout gives institutions, including Lloyds Banking Group, HSBC and Nationwide access to technology designed to identify software vulnerabilities and security weaknesses. NatWest and Santander already had access through existing agreements, according to the BBC.
The move comes as rival AI company Anthropic continues to limit access to its Claude Mythos cybersecurity model, which remains unavailable to most UK banks despite growing interest from the sector.
The UK’s AI Security Institute recently found GPT-5.5 Cyber and Claude Mythos delivered similar levels of performance across cybersecurity testing tasks, adding to industry interest in how the models could support security teams responsible for protecting complex banking systems.
Former UK Chancellor George Osborne, now a senior executive at OpenAI, said the company wanted to make the technology available to organisations responsible for defending critical infrastructure while maintaining safeguards around access.
“The key things with these tools is that they need to be in the hands of the right people,” Osborne said.
“We want to make sure that the forces that are establishing order in our democracies have these tools, and the forces that want to disrupt us or commit crime, do not.”
The access debate has intensified since Anthropic revealed that Claude Mythos had identified a vulnerability within a legacy system that had reportedly gone undetected for nearly three decades.
While OpenAI has expanded GPT-5.5 Cyber access to financial institutions in markets including the UK, Canada and Japan, Anthropic has taken a more restrictive approach, arguing that Mythos requires additional safeguards due to its capabilities.
Anthropic said it is working to expand access to the model but believes a more cautious rollout remains appropriate.
Cybersecurity experts say both tools have the potential to transform how banks identify vulnerabilities across increasingly complex technology environments, particularly within legacy systems that remain critical to financial infrastructure.
“I don’t necessarily expect these tools to surface things humans wouldn’t find eventually but they are relentless and incredibly thorough in sorting through the millions of lines of code which are in banking apps alone,” said Professor Alan Woodward, a cybersecurity expert at the University of Surrey.
“In the UK, some of the code which banking systems still run on is incredibly old, and AI will be very useful at finding problems there.”
“They can do many weeks’ worth of work in minutes – but they do also surface false positives, so you still need a human in the loop to check their findings.”
Copyright © 2026 FinTech Global
Copyright © 2018 RegTech Analyst
