OpenAI gates cyber model access

OpenAI is limiting its new cybersecurity model to vetted defenders instead of releasing it broadly. (openai.com) On April 14, OpenAI said it was expanding Trusted Access for Cyber to thousands of verified individual defenders and hundreds of teams that protect critical software. The same announcement introduced GPT-5.4-Cyber, a version of GPT-5.4 tuned to be more permissive for defensive security work. (openai.com) The company described the program as tiered access: some users get standard models, while a narrower group that passes identity and trust checks can use stronger cyber capabilities. Axios reported the rollout as a plan to widen access while still controlling who can use the most capable tools. (openai.com, axios.com) Cybersecurity models are systems that help find software flaws, explain attack paths, and suggest fixes. OpenAI said it is fine-tuning models for those defensive jobs as it prepares for more capable releases “over the next few months.” (openai.com) The timing follows a sharper fight over how much offensive-looking capability artificial intelligence companies should expose to users. Wired said OpenAI’s move came after Anthropic introduced Mythos, a model that drew scrutiny for how far it would go on cyber tasks. (wired.com) OpenAI has been signaling for months that cyber capability is moving into a higher-risk category inside the company. Its developer documentation says GPT-5.3-Codex was the first model it treated as “High” cybersecurity capability, which triggered extra safeguards and monitoring for suspicious use. (developers.openai.com, developers.openai.com) Under OpenAI’s Preparedness Framework, “High” cyber capability means a model can remove existing bottlenecks in cyber operations, including automating vulnerability discovery or exploitation against reasonably hardened targets. The framework says OpenAI will not deploy very capable models until safeguards are built to reduce severe-harm risk. (deploymentsafety.openai.com, cdn.openai.com) OpenAI started Trusted Access for Cyber in February with a pilot and a $10 million pool of application programming interface credits for defense work. The April 14 expansion turns that pilot into a larger gatekeeping system around a model built specifically for security professionals. (openai.com, openai.com) The company’s pitch is that defenders need stronger tools before attackers get them first, but the tools should not be open to everyone at once. That leaves OpenAI trying to compete in artificial intelligence-assisted vulnerability hunting while making access control part of the product itself. (openai.com, wired.com)