OpenAI releases GPT‑5.4‑Cyber

OpenAI has started offering GPT‑5.4‑Cyber, a version of its GPT‑5.4 model tuned for defensive security work, through a gated program for vetted defenders. (openai.com) The company said on April 14 it is expanding Trusted Access for Cyber, or TAC, to “thousands” of verified individual defenders and “hundreds” of teams that protect critical software. OpenAI said GPT‑5.4‑Cyber is the first model in that rollout. (openai.com) In plain terms, TAC is an identity and trust check for advanced cyber features: OpenAI said it is meant to put stronger capabilities in the hands of security researchers, vendors and enterprise teams while keeping standard guardrails for general users. The company first introduced the program in February 2026 with a $10 million commitment in API credits for cyber defense work. (openai.com) The technical shift is not that the model “does cybersecurity” on its own. OpenAI said it fine-tuned GPT‑5.4‑Cyber to be more “cyber‑permissive,” meaning it is more willing than the base model to help with legitimate defensive tasks that can also look risky in a normal chatbot. (openai.com) OpenAI named binary reverse engineering as one example. That is the work of inspecting compiled software without source code — the digital equivalent of examining a sealed machine from the outside to figure out how it works — and it is common in malware analysis and incident response. (openai.com) The release extends a safety approach OpenAI had already started building into its broader GPT‑5.4 line. In a system card published on March 5, OpenAI said GPT‑5.4 Thinking was its first general-purpose model with mitigations for “High” cybersecurity capability. (openai.com) OpenAI is also tying the model to outside review. The company said it provided GPT‑5.4‑Cyber to the U.S. Center for AI Standards and Innovation and the U.K. AI Security Institute for evaluations focused on cyber capabilities and safeguards. (openai.com) The early customer list shows where OpenAI wants this used. OpenAI named Bank of America, BlackRock, BNY, Citi, Cisco, Cloudflare, CrowdStrike, Goldman Sachs, JPMorgan Chase, NVIDIA, Oracle, Palo Alto Networks and Zscaler among participants in its cyber defense push. (openai.com) The move also lands in a live industry argument over how tightly frontier cyber models should be controlled. Reuters reported OpenAI announced GPT‑5.4‑Cyber days after Anthropic unveiled its own restricted cyber model, turning access policy into part of the competition between major model labs. (reuters.com) OpenAI’s position is that broader verified access helps defenders move faster as model capability rises. The practical test now is whether TAC can scale beyond a small circle of approved users without weakening the safeguards that made the program possible in the first place. (openai.com)