OpenAI adds cyber tiers

OpenAI said on April 14 it is expanding its Trusted Access for Cyber program and letting top-tier customers request GPT-5.4-Cyber for defensive security work. (openai.com) The company said the program now covers “thousands” of verified individual defenders and “hundreds” of teams that protect critical software. OpenAI launched Trusted Access for Cyber in February with a pilot and said then it would pair broader access with stronger identity checks and safeguards. (openai.com 1) (openai.com 2) GPT-5.4-Cyber is a variant of GPT-5.4 that OpenAI said was fine-tuned to be more permissive for cybersecurity tasks such as malware analysis, incident triage, and vulnerability assessment, while remaining limited to vetted users. OpenAI said customers in the highest access tiers can request the model rather than getting it by default. (openai.com) Cybersecurity is the work of finding, understanding, and fixing weaknesses before attackers exploit them. OpenAI said that same dual-use problem is why it is separating defensive users into tiers instead of releasing the model as a general-purpose product. (openai.com 1) (openai.com 2) The timing follows OpenAI’s March 5 release of GPT-5.4, which the company described as its flagship professional model with coding, tool use, and a context window of up to 1 million tokens. In the GPT-5.4 system card, OpenAI said GPT-5.4 Thinking was its first general-purpose model with mitigations for “High” cybersecurity capability. (openai.com 1) (openai.com 2) OpenAI said it is preparing for “increasingly more capable models” over the next few months, and framed the new cyber tiers as part of that rollout. The company also said it is adding ecosystem support, including access pathways for enterprises and security practitioners through a dedicated application process. (openai.com) (openai.com) The company’s earlier February announcement tied the cyber program to a $10 million commitment in application programming interface credits for security work. That post said the goal was to help defenders detect attacks faster, analyze threats, and improve resilience across organizations of different sizes. (openai.com) Outside OpenAI, rivals have been moving in the same direction. Anthropic has also restricted access to higher-risk cyber capabilities, and several April 14 reports described OpenAI’s move as a limited-release model for vetted defenders rather than a mass-market launch. (siliconangle.com) (mashable.com) For security teams, the immediate change is practical: more verified defenders can get into the program, and the highest tiers can ask for a model tuned for hands-on defensive workflows. For everyone else, OpenAI’s message was narrower than a product launch: this is specialized access, not a public release. (openai.com)