Given all the discussion of Mythos, I'm surprised that I haven't seen anyone point out that OpenAI launched Trusted Access for Cyber alongside codex-5.3:

https://openai.com/index/trusted-access-for-cyber/

It seems that if you try to use 5.3 for cyber without verifying your identity, you get routed to 5.2:

https://developers.openai.com/codex/concepts/cyber-safety

So the practice of gating capabilities based on cyber risk is not totally brand new. I'm curious to see how they handle this for 5.5, given that I expect it would be hard to generally release a model anywhere close to Mythos now without causing backlash.