White House Asks OpenAI for Restricted Launch of GPT-5.6 Due to Cybersecurity Risks

The Trump administration formally requested OpenAI to limit initial access to GPT-5.6, its upcoming frontier language model, to a restricted group of government-approved partners. The request, reported by CNN and Axios on June 25, originated from the Office of the National Cyber Director (ONCD) and the Office of Science and Technology Policy (OSTP), which are developing a federal framework for assessing the security of advanced AI models.

Sam Altman communicated the measure to employees during an internal Q&A session on Wednesday, stating that the government would approve access "customer by customer" during the preview period. A broader public release would come "about two weeks later," according to TechCrunch. This marks the first time in history that the U.S. government has intervened to restrict the launch of a frontier AI model prior to its public availability.

The Trigger: Autonomous Cybersecurity Models

The administration's intervention explicitly references models from Anthropic. The Mythos 5 and Fable 5, released in June, have raised alarms in Washington due to their autonomous cybersecurity capabilities. According to reports from CNN and Axios, both the U.S. government and OpenAI assess GPT-5.6 to be equivalent to Mythos in these capabilities. Tests conducted with U.S. intelligence agencies revealed that models of this generation can identify and potentially exploit vulnerabilities in critical systems with an unprecedented level of autonomy.

Anthropic had not issued a public statement regarding these tests by the time this article was published. OpenAI also did not release an official statement.

The proposed mechanism assumes that the risk arises from access within the United States and can be mitigated by selecting the initial customers, prioritizing federal contractors and partners with a proven compliance history. What this argument overlooks is that models with equivalent capabilities, such as the Mythos 5 itself and Google's Gemini 2.5 Pro, are already circulating without similar restrictions in other jurisdictions.

Two Governance Regimes That Do Not Converge

The European Union has established a structural model for addressing this issue. The EU AI Act, whose obligations for general purpose AI models (GPAI) have been in effect since August 2025, requires detailed technical documentation, independent compliance assessments, and notification to the AI Office in Brussels for models classified as systemic risk. The process is ex ante and applicable to any developer operating in the European market.

The American mechanism emerging from the request for GPT-5.6 is radically different: it is ad hoc, bilateral, and negotiated directly between the government and a specific supplier, without a formal public process. For consultancies operating in both jurisdictions, the two regimes do not replace each other. Approval from the U.S. government to access GPT-5.6 does not equate to compliance with the AI Act. A company seeking to deploy the model for European clients will still need to satisfy the technical documentation and risk assessment requirements imposed by Brussels, regardless of what Washington has approved.

What the Restriction Means for IT Firms Outside the U.S.

For large Indian IT consultancies, the bilateral vetting creates a structural access risk. TCS, Infosys, and Wipro serve large American corporate clients but do not fit the profile of federal contractors likely to guarantee priority access to GPT-5.6 in the preview phase. Accenture, with its established American federal practice, and firms like Booz Allen Hamilton, which are native to the American public market, start with an advantage in this initial window.

In Brazil, where there is no equivalent federal regulation for frontier AI models, access to GPT-5.6 and future models will depend on decisions made between Washington and the major labs, without Brazilian participation. Local consultancies and integrators building service portfolios around OpenAI models will need to incorporate restricted access scenarios into their vendor risk management practices.

The Precedent, Not the Restriction

What the GPT-5.6 case establishes goes beyond the immediate limitation. If the bilateral vetting between the U.S. government and labs becomes the standard for each new frontier generation, Washington will function as a global arbiter of access to cutting-edge AI models, a role for which no other jurisdiction—be it European, Japanese, or Brazilian—has a seat at the table. For CIOs and consulting partners structuring medium-term AI strategies, the diversification of model suppliers, currently a technical debate around performance and cost, will become a sovereignty decision.