OpenAI releases GPT‑5.4‑Cyber

OpenAI has begun giving vetted security teams access to GPT‑5.4‑Cyber, a new model tuned for defensive hacking tasks. (openai.com) Cybersecurity work often means finding flaws before criminals do, and one hard case is “binary reverse engineering,” which means inspecting compiled software when the source code is missing. OpenAI said GPT‑5.4‑Cyber is trained to be more permissive for those defensive jobs than its standard models. (openai.com) The rollout started on April 14, 2026, and OpenAI said access is limited at first to vetted security vendors, organizations, and researchers. The company is also expanding its Trusted Access for Cyber program to thousands of verified individual defenders and hundreds of teams protecting critical software. (reuters.com) (openai.com) OpenAI said higher tiers in that program unlock stronger capabilities, with the top tier eligible to request GPT‑5.4‑Cyber. The company said it uses know-your-customer checks and identity verification instead of broad public access. (reuters.com) (openai.com) The release comes as artificial intelligence companies are trying to prove their systems can help defenders faster than attackers can misuse them. OpenAI said it has been evaluating cyber capabilities since 2023, added cyber-specific safeguards in 2025, and launched Codex Security earlier in 2026. (openai.com) OpenAI said Codex Security has already contributed to fixing more than 3,000 critical and high-severity vulnerabilities. That gives the company a concrete number to point to as it argues for wider use of more capable cyber tools inside trusted programs. (thehackernews.com) The timing also puts OpenAI alongside Anthropic, which announced its own cyber model, Mythos, on April 7, 2026. Reuters reported that Anthropic is deploying Mythos under Project Glasswing, a controlled program for select organizations, and said the model had found thousands of vulnerabilities in operating systems, web browsers, and other software. (reuters.com) OpenAI said the same tools can be dual-use, meaning a system built to help patch software could also be used to spot weaknesses before they are fixed. Its answer is a narrower release, stronger safeguards against jailbreaks and prompt injection, and gradual expansion as it studies how the model behaves in the field. (openai.com) (thehackernews.com) For now, GPT‑5.4‑Cyber is not a general public chatbot release. OpenAI is treating it as a restricted tool for verified defenders while it tests whether broader access can stay ahead of the risks it is meant to reduce. (reuters.com) (openai.com)