The government has begun testing an artificial intelligence cybersecurity frontier model. It plans to use the results to set the direction of its response to AI security threats and enable application across industry.

Related agencies said on June 12 that the Korea Internet & Security Agency (KISA) under the Ministry of Science and ICT has recently started testing OpenAI's cybersecurity model, 'GPT-5.5 Cyber'.

OpenAI provides GPT-5.5 Cyber and 'GPT-5.5 with TAC' as cybersecurity models. Of the two, GPT-5.5 Cyber has looser guardrails than GPT-5.5 with TAC. From the tester's perspective, that means there is more room to try different things. It also allows penetration testing in a controlled environment.

The Ministry of Science and ICT officially decided to participate in GTAC on May 26, following a visit to South Korea by OpenAI Chief Strategy Officer Jason Kwon (제이슨 권). KISA then took charge as the working-level agency and secured model access rights.

KISA's testing goal is to present directions for responding to AI security threats in the domestic IT industry. To that end, it is verifying whether GPT-5.5 Cyber can be used in practice to identify and respond to security threats. If effectiveness is confirmed, it plans to expand its use to software security checks, including open source, inspections of key infrastructure and other areas.

Earlier, KISA coordinated with 1 domestic company to conduct a simulated attack using Anthropic Claude's 'Opus 4.7' and found 7 vulnerabilities. The ministry then urgently convened chief information security officers at major companies and distributed 'CEO action guidelines to prepare for AI-based cyberattacks'.

The possibility of running a separate pilot program or red-team tests also remains open. A KISA official explained, "We are testing how much we can use the model within the role assigned to KISA."

Access rights to Mythos, Anthropic's latest cybersecurity model, are also expected to be secured in the near term. On June 3, the ministry confirmed participation in Anthropic's cybersecurity consultative project, Glasswing, and KISA took on the working-level role. The two agencies have completed administrative procedures to meet security requirements demanded by Anthropic and are waiting for a response.

Attention is also turning to KISA's role as it is expected to handle GPT-5.5 Cyber and Mythos together. Uses and methods for the two models have not yet been specified, and linkage to industry is key. Similar institutions overseas, including the UK AI Safety Institute (AISI) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA), have so far remained focused on model evaluations and publishing guidelines.

A ministry official said, "After confirming participation in Glasswing, we are at the stage of exchanging administrative procedures, and we believe access to Mythos will be possible in the near term." The official added, "Within KISA's role and scope, we are also leaving open the possibility of linking it to industry."