OpenAI board member and former U.S. Cyber Command commander and NSA director Paul Nakasone visited Tokyo on May 21, held talks with Japanese government officials on cybersecurity measures across 15 key infrastructure areas, and announced plans to provide access to the GPT-5.5-Cyber model to the Japanese government and Japanese companies.
Confirmed technical positioning of GPT-5.5-Cyber and the threat backdrop
Sasha Baker, OpenAI’s head of national security policy, said at a Tokyo press briefing that the backdrop for this cooperation is the rapid evolution of AI-driven cyberattack capabilities. She specifically mentioned that Anthropic’s Mythos model (an unreleased version) has the ability to autonomously identify and exploit software, web browser, and operating system security vulnerabilities, stressing the need to build a cybersecurity “ecosystem” to counter such powerful automated attack patterns. Nakasone said: “We will build strong security systems and always stay ahead of malicious actors. We plan to expand the scope of these efforts from financial institutions and critical infrastructure to local governments and manufacturing supply chains.” Baker added: “We want the Japanese government and businesses to use our most advanced models.”
Japan’s AI sovereignty strategy shift: from in-house development to a diversified framework
Behind the shift in Japan’s AI policy is a clear resource reality: between 2019 and 2023, the U.S. government invested about $329 billion in domestic AI R&D, China about $133 billion, and Japan only about $10 billion (Japanese government data). In IMD 2025’s World Digital Competitiveness ranking, Japan ranks 30th among 69 countries. The Ministry of Economy, Trade and Industry (METI) previously proposed in October 2025 to build a “Japan version of ChatGPT” large-scale foundation model, but some lawmakers criticized the goal as unrealistic due to a lack of policy resources to compete with the U.S. and China. The framework Japan is turning to now is: using foundation models developed abroad as the technical base, layering on an application layer developed using domestic industry data, while also diversifying supplier dependence to avoid creating strategic reliance on any single source. Akiko Aoki? (not provided) has framed the current direction as Japan entering the “post-LLM era”—with a focus on AI application innovation in manufacturing, healthcare, and infrastructure, rather than starting from scratch to develop large language models.
Common questions
How exactly does the “Trusted Access for Cyber” (TAC) plan for GPT-5.5-Cyber limit access, and how can Japanese companies apply?
The TAC (Trusted Access for Cyber) program is OpenAI’s limited access mechanism for cybersecurity applications. It requires applicant organizations to pass OpenAI’s qualification review and screening process. Based on the briefing in Tokyo, Japanese companies can apply for access via a combination of the standard GPT-5.5 and TAC defense tools; Japanese government agencies, meanwhile, will arrange access directly through government-to-government cooperation channels established during the access period involving Nakasone and Baker. Specific eligibility requirements (such as organization type, security certifications, and use-case restrictions) have not yet been disclosed in detail in public documents.
Does Paul Nakasone’s transition from U.S. military leadership to an OpenAI board member raise conflict-of-interest concerns?
Nakasone retired from his role as commander of U.S. Cyber Command/NSA director on February 1, 2024. In May 2024, he was appointed founding director of the National Security Studies Institute at Vanderbilt University, and that same June joined the OpenAI board of directors. In the U.S., there is public debate about “revolving doors” when former senior government officials join private technology company boards, especially when national security matters are involved. Nakasone’s visit to Japan this time represents OpenAI conducting sensitive cybersecurity cooperation discussions with its allies—Japanese government counterparts of his former employer (the U.S. government). This role has typical revolving-door characteristics, but there is currently no record of any official investigation or legal process having been initiated.
Why did OpenAI officials call out Anthropic’s Mythos model amid the backdrop of OpenAI’s competing products?
Baker’s mention of Anthropic’s Mythos model (an unreleased version) was intended to show that “advanced AI cyberattack capabilities already exist,” thereby building the case for the necessity of a GPT-5.5-Cyber defensive product. In the AI safety community, the same class of advanced AI capabilities can be used both to discover and exploit vulnerabilities (attacks) and to identify and patch vulnerabilities (defense). By highlighting a competitor’s existing attack capabilities, OpenAI’s strategy is to emphasize that the cost of not buying the most advanced defensive AI matters, rather than simply selling its own products. At present, there is no confirmed public documentation record of the specific technical specifications of Anthropic Mythos or any direct linkage to threats to Japan’s cybersecurity.
