GPT‑5.4‑Cyber ships

OpenAI has started rolling out GPT‑5.4‑Cyber, a version of its GPT‑5.4 model tuned for defensive cybersecurity and limited to vetted users. (openai.com) Cybersecurity work includes tasks like finding software flaws before attackers do, unpacking suspicious code, and tracing how malware behaves inside a system. OpenAI said GPT‑5.4‑Cyber is trained to be “cyber-permissive” for those defensive jobs and launched it on April 14, 2026. (openai.com) The model sits inside OpenAI’s Trusted Access for Cyber program, which the company introduced on February 5, 2026 as an identity- and trust-based gate for higher-risk cyber capabilities. OpenAI said the program is now expanding to thousands of verified individual defenders and hundreds of teams that protect critical software. (openai.com 1) (openai.com 2) OpenAI said higher verification tiers unlock more powerful tools, and the top tier gets access to GPT‑5.4‑Cyber with fewer restrictions on sensitive tasks such as vulnerability research and analysis. Reuters reported the rollout is initially limited to vetted security vendors, organizations, and researchers. (reuters.com) (openai.com) The release extends a safety approach OpenAI had already started building into its general models. In its March 5, 2026 system card for GPT‑5.4 Thinking, OpenAI said GPT‑5.4 was its first general-purpose model with mitigations for “High capability in Cybersecurity.” (openai.com) The base GPT‑5.4 model, released March 5, 2026, is OpenAI’s flagship professional model and supports up to 1 million tokens of context in the application programming interface and Codex. OpenAI said that base model combines reasoning, coding, tool use, and computer-use features, which helps explain why a cyber-specific fine-tune could handle long security workflows. (openai.com) OpenAI says the point of the gate is to reduce friction for legitimate defenders without broadly opening dual-use cyber capabilities to everyone. The company said ordinary prompts like “find vulnerabilities in my code” can describe either responsible patching or preparation for an attack, so it uses identity checks, know-your-customer verification, and automated monitoring. (openai.com) The company is pairing the model launch with a broader push to seed the security ecosystem. On April 16, 2026, OpenAI said it had committed $10 million in application programming interface credits through its Cybersecurity Grant Program and named recipients including Socket, Semgrep, Calif, and Trail of Bits. (openai.com) OpenAI also said companies including Bank of America, BlackRock, BNY, Citi, Cisco, CrowdStrike, Goldman Sachs, JPMorgan Chase, Morgan Stanley, NVIDIA, Oracle, SpecterOps, and Zscaler have joined the effort. It said the U.S. Center for AI Standards and Innovation and the United Kingdom AI Security Institute also received access to evaluate the model’s cyber capabilities and safeguards. (openai.com) The launch lands as artificial intelligence companies race to offer stronger security tools without making offensive misuse easier. Reuters noted OpenAI’s release came a week after Anthropic announced Mythos on April 7, 2026 under its own controlled defensive program, Project Glasswing. (reuters.com) For now, OpenAI is treating GPT‑5.4‑Cyber less like a mass-market chatbot and more like a controlled instrument for people already responsible for defending networks and software. The next test is whether that narrow rollout produces faster patching and better safeguards at the same time. (openai.com)