OpenAI adds cyber tier

OpenAI has widened its restricted cyber program and added a new model tier, GPT‑5.4‑Cyber, for vetted defenders doing security work. (openai.com) OpenAI said on April 14, 2026 that it is scaling Trusted Access for Cyber to “thousands” of verified individual defenders and “hundreds” of teams that protect critical software. The company said GPT‑5.4‑Cyber is a fine-tuned version of GPT‑5.4 built to be more permissive for defensive cybersecurity tasks. (openai.com) Trusted Access for Cyber is OpenAI’s gate for high-risk dual-use security work: users must be verified before they can use stronger cyber capabilities. OpenAI introduced the program in February 2026 and paired it with a $10 million pool of application programming interface credits for cyber defense efforts. (openai.com) The company is making the change as its newer models get better at finding bugs, analyzing code, and operating software tools. In its March 5, 2026 system card for GPT‑5.4 Thinking, OpenAI said GPT‑5.4 was its first general-purpose model with mitigations for “High” cybersecurity capability. (openai.com) OpenAI said it expects more capable models over the next few months and is tuning some of them specifically for defense before broader release. In a December 2025 policy post, the company said it was planning as if each new model could reach high cyber capability under its Preparedness Framework. (openai.com 1) (openai.com 2) GPT‑5.4 itself launched on March 5, 2026 as OpenAI’s flagship model for professional work, with tool use, coding, computer-use features, and a context window of about 1 million tokens. GPT‑5.4‑Cyber takes that base and changes its behavior for security workflows rather than releasing a separate public product line. (openai.com 1) (openai.com 2) OpenAI framed the new tier as part of a controlled-access model: more capability for approved defenders, tighter checks for everyone else. The company said the program is aimed at enterprise security teams and other trusted users who need specialized behavior without opening the model to general public use. (openai.com) The move comes as artificial intelligence companies race to offer security-specific systems while limiting misuse. Anthropic introduced its own restricted cyber model, Mythos, days earlier, and OpenAI’s announcement positions GPT‑5.4‑Cyber as its answer for the same enterprise market. (mashable.com) (thehackernews.com) For security teams, the immediate change is access: more approved users, more tailored model behavior, and the same message OpenAI has pushed since February — advanced cyber tools will be available, but only behind a trust gate. (openai.com 1) (openai.com 2)