OpenAI's cyber model

OpenAI has begun rolling out GPT-5.4-Cyber, a version of its latest model tuned for defensive cybersecurity and restricted to vetted users. (openai.com) The company said on April 14 that GPT-5.4-Cyber is “cyber-permissive,” meaning it is trained to be less likely than standard GPT-5.4 to refuse legitimate security work such as vulnerability research and analysis. Reuters reported the release came one week after Anthropic announced its own gated cyber model, Mythos, on April 7. (openai.com) (money.usnews.com) OpenAI is not offering the model broadly through ChatGPT or its public application programming interface. The company said access will go first to vetted security vendors, organizations and researchers through the highest tier of its Trusted Access for Cyber program. (money.usnews.com) (openai.com) That matters because cybersecurity tools are dual-use: the same system that helps a defender find a flaw can also help an attacker exploit one. Axios reported OpenAI is responding with tiered access controls that expand use of advanced cyber models while tightening checks on who gets the most permissive versions. (axios.com) OpenAI said the Trusted Access for Cyber program is now scaling to thousands of verified individual defenders and hundreds of teams responsible for critical software. The company said stronger identity checks, including know-your-customer verification, will be used to unlock more capable tools. (openai.com) The program itself is new. OpenAI launched Trusted Access for Cyber on February 5, 2026, and paired it with $10 million in application programming interface credits through a Cybersecurity Grant Program aimed at defensive work. (openai.com) OpenAI has been building adjacent security products as well. On March 6, it introduced Codex Security, an application security agent that scans code, ranks likely vulnerabilities, and proposes fixes; the company said the new access program is part of a broader push to help defenders find and patch flaws faster. (openai.com 1) (openai.com 2) Anthropic is taking a similar gated approach with Project Glasswing, which gives selected partners access to Claude Mythos Preview for defensive cybersecurity work. Anthropic said the launch partners include Amazon Web Services, Apple, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, NVIDIA, and Palo Alto Networks. (anthropic.com) For now, both companies are making the same bet: keep the most capable cyber models in a narrow lane, give them to verified defenders first, and widen access only as the safeguards hold up. (openai.com) (axios.com)