OpenAI limits cyber model

OpenAI is limiting access to GPT-5.4-Cyber, a new model tuned to help find software flaws, to verified defenders instead of the general public. (openai.com) OpenAI said April 14 that GPT-5.4-Cyber will be distributed through its Trusted Access for Cyber program, which it is expanding to “thousands” of verified individual defenders and “hundreds” of teams that protect critical software. (openai.com) The company described the model as a variant of GPT-5.4 that is “cyber-permissive,” meaning it is tuned for defensive security work such as vulnerability discovery and remediation rather than broad consumer use. (openai.com) Software vulnerabilities are coding mistakes or design weaknesses that can let attackers break in, steal data, or take control of systems; tools that find them faster can help defenders patch systems before criminals do. OpenAI said recent models can work autonomously for hours or days on complex cyber tasks, which raises both defensive value and misuse risk. (openai.com) OpenAI began piloting Trusted Access for Cyber on February 5 with GPT-5.3-Codex, saying ordinary prompts like “find vulnerabilities in my code” are hard to classify because they can support either responsible patching or offensive hacking. (openai.com) The company had already started tightening cyber safeguards in its mainstream models. In a March 5 system card, OpenAI said GPT-5.4 Thinking was its first general-purpose model with mitigations for “High capability in Cybersecurity.” (openai.com) The move also tracks a wider shift among frontier artificial intelligence labs toward gated release of stronger cyber systems. On April 7, Security Boulevard reported that Anthropic was keeping its Claude Mythos Preview model out of public release and testing it through a restricted program called Project Glasswing. (securityboulevard.com) Anthropic said Project Glasswing involved companies including Amazon, Microsoft, Apple, Google, and NVIDIA, and that the model had found thousands of serious vulnerabilities across operating systems, browsers, and other core software. (securityboulevard.com) Anthropic’s Responsible Scaling Policy, updated April 2, says the company can pause development or take other measures when model risks warrant it, underscoring how labs are building formal rules for handling systems that could speed up cyber offense as well as defense. (anthropic.com) For now, OpenAI is not treating its strongest cyber model like a normal product launch. It is treating access itself as the safety control. (openai.com)