
Five days into general availability, the discourse around OpenAI's GPT-5.6 family is stuck on the wrong thing. Everyone is comparing Terminal-Bench 2.1 scores and Luna's pricing. Those are fine fights. They are not the fight that should be on your radar.
The fight you should be watching is the one OpenAI dropped in paragraph seven of the release post: GPT-5.6 Sol's capability for offensive cybersecurity work has roughly doubled against OpenAI's previous flagship, and the defensive corollary has doubled with it. Generational model jumps usually move benchmarks by 1 to 3 points. Cyber capability moved by 25. That is not an iteration. That is a regime change.
OpenAI published the cyber evals against GPT-5.5 in the system card. They are unambiguous.
These are not synthetic. ExploitBench2 chains full V8 exploitation end-to-end. SEC-Bench Pro writes a working PoC against a real CVE in a real codebase. ExploitGym3 uses vetted vulnerabilities from real bug bounty disclosures. The jump from 47.9% to 73.5% on work that takes a senior security engineer half a day means an AI agent is now clearing work that, twelve months ago, a strong team could only staff with two or three specialists.
For comparison, the benchmarks the press is obsessing over: Terminal-Bench 2.1 went from roughly 85% (GPT-5.5) to 88.8% (Sol base) and 91.9% (Sol Ultra). BrowseComp hit 92.2%. OSWorld 2.0 hit 62.6% using 85% fewer output tokens than Claude Opus 4.8. Real numbers, also noise relative to the cyber delta. Above 85% on Terminal-Bench, the difference between models is whether your agent finishes in 4 minutes or 6. From 48% to 74% on real-world exploit work, the difference is whether you can deploy it at all.
Cyber capability is gated by what the model can chain autonomously: read unfamiliar code, reason about a vulnerability class, write exploit primitives, evade mitigations, iterate. Most frontier models improve here at 2 to 6 points per generation because each capability loads onto previous capabilities and small gaps compound. Doubling a number means something deeper changed in how the model reasons about adversarial systems.
OpenAI's framing in the release post is that GPT-5.6 was trained on agentic workflows that include cyber-relevant patterns, but the more honest read is that the same scaling moves that produced the Knowledge Work and Programmatic Tool Calling gains also produced the cyber gains. Programmatic Tool Calling is the giveaway: GPT-5.6 can write and run lightweight programs that filter intermediate data, retain only what matters, and adapt its workflow as it goes. That is exactly the cognitive loop a human attacker runs when chaining an exploit — and it is the loop that makes 73.5% on ExploitBench2 possible rather than a hypothetical 55%.
The preview system card is also explicit about what Sol still cannot do: in cybersecurity testing, it could not carry out autonomous, end-to-end attacks against hardened targets. It finds vulnerabilities and exploit primitives. It does not yet chain those primitives into a complete compromise unassisted. That distinction matters for defensive deployment, and it is exactly the threshold where regulation becomes useful and harmful at the same time.
The cyber delta is only half the news. The other half is how OpenAI is choosing to expose it.
GPT-5.6 launched with a new program called Daybreak Trusted Access for Cyber. Verified users and vetted security teams can access the deeper defensive capability — vulnerability triage, malware analysis, detection engineering, patch validation — through more permissive per-account safeguards. The flip side is mandatory hardware-backed passkeys (YubiKey class) by September 1, 2026. If you do not enroll, you fall back to default-access safeguards and lose access to the most cyber-capable tier.
This is the most consequential deployment model any frontier lab has shipped. It treats the cyber capability as a regulated resource: verified identity, hardware-backed authentication, defensive use cases only, audit trail — the same dual-use regime that governs cryptographic export.
The rest of you get the standard Sol endpoint, plenty capable for secure code review, threat modeling, blue teaming, and patching. You do not need the verified tier to materially improve your security posture. If you ship any kind of security product or operate infra at scale, the standard tier is already a step function above GPT-5.5.
Three moves I would ship if I were running a security or platform engineering team:
One, rerun your vulnerability triage queue through Sol. The ExploitBench2 delta translates directly into triage accuracy. If your current pipeline has a human engineer triaging 40 to 60 CVE candidates per week, Sol at medium reasoning handles the first pass on most of them. You keep the engineer for the ambiguous and high-impact cases. Expect a 1.5x to 2x throughput improvement on triage.
Two, pilot Programmatic Tool Calling on your incident-response runbooks. Most runbooks involve fetching logs, parsing events, correlating identities, producing a timeline. GPT-5.6 can do this in two inference round-trips instead of twelve — the difference between an incident response that finishes during the bridge call and one that waits until the morning.
Three, decide this week whether you are enrolling in Daybreak. If you run a CERT, a CSIRT, a red team, or critical-infrastructure security, the verified tier unlocks capabilities you cannot get any other way. The September 1 deadline is hard, and hardware-backed passkeys need procurement.
The frontier-coding narrative is the wrong frame for this release. Terminal-Bench scores above 85 are close to saturating; the gains there are incremental. The cyber jump is not incremental. OpenAI's own research is reflecting the trend — internal recursive-self-improvement capability moved up 16.2 points in one generation, with research compute on internal coding inference growing 100-fold and agentic token usage growing 22-fold over the past six months. The lab itself is using Sol the way you will be using it next month: to accelerate its own research.
Sol is not the smartest model in the world — Claude Mythos 5 is roughly even on raw intelligence, and Anthropic will fight back on capability-per-dollar within a quarter. On the cyber workload, though, GPT-5.6 Sol is in a genuinely different category, and the Daybreak regime is the first deployment model in 2026 that puts capability behind verification rather than behind a credit card. That combination is the real story of the week. Treat it like the precedent it is.
— Mr. Technology
Release date: 2026-07-09 (limited preview began 2026-06-26). Architecture: agentic-coding tool-use with Programmatic Tool Calling, Ultra mode coordinates four sub-agents in parallel by default. Pricing: Sol $5.00 input / $30.00 output per 1M tokens; Terra $2.50 / $15.00; Luna $1.00 / $6.00. Context: 1.05M tokens, 128K max output. Knowledge cutoff: 2026-02-16. Benchmarks: Terminal-Bench 2.1 Sol base 88.8%, Sol Ultra 91.9%; BrowseComp 92.2%; OSWorld 2.0 62.6% at 85% fewer output tokens vs Opus 4.8; Agents' Last Exam 53.6; AA Coding Agent Index 80; AA Intelligence Index within one point of Claude Fable 5 at 61% lower latency and half cost. Cyber: ExploitBench2 73.5% vs GPT-5.5 47.9%; SEC-Bench Pro 71.2% vs GPT-5.5 45.8%; ExploitGym3 24.9% (2hr) and 33.7% (6hr) vs GPT-5.5 15.1%. Internal RSI capability +16.2 points vs GPT-5.5; 100x compute on internal coding inference and 22x agentic token usage over six months. License: Proprietary, API plus ChatGPT plus ChatGPT Work. Deployment: Daybreak Trusted Access for Cyber, hardware-backed passkeys required by 2026-09-01. Sources: OpenAI — GPT-5.6: Frontier intelligence that scales with your ambition, OpenAI — Previewing GPT-5.6 Sol, OpenAI — Daybreak: Securing the World, OpenAI Deployment Safety Hub — GPT-5.6 Preview System Card, OpenAI Help Center — GPT-5.6 in ChatGPT, Techwire Asia — OpenAI launches GPT-5.6 for coding, cyber and science, AINews — GPT-5.6 Makes Stronger AI Cheaper and Faster for Knowledge Work, CyberPress — OpenAI Launches GPT-5.6 and ChatGPT Work.