OpenAI rolls out GPT‑5.4‑Cyber

OpenAI has started rolling out GPT‑5.4‑Cyber, a version of its GPT‑5.4 model tuned for defensive security work and limited to vetted users. (openai.com) OpenAI announced the model on April 14, 2026, alongside an expansion of its Trusted Access for Cyber program to “thousands” of verified individual defenders and “hundreds” of teams protecting critical software. (openai.com) The company said GPT‑5.4‑Cyber is “cyber-permissive,” meaning it is trained to be less likely than standard models to refuse legitimate security tasks such as malware analysis, vulnerability research, and binary reverse engineering of compiled software without source code. (openai.com) (livemint.com) Binary reverse engineering is the practice of inspecting finished software the way a mechanic inspects a sealed engine: researchers study the compiled program itself to find bugs, hidden behavior, or signs of malicious code. OpenAI said GPT‑5.4‑Cyber is meant to help with that kind of work when source code is unavailable. (openai.com) (helpnetsecurity.com) OpenAI is not offering the model broadly in ChatGPT. Access is being restricted to verified security vendors, enterprise teams, organizations defending public infrastructure, and researchers admitted through the company’s gated program. (openai.com) (livemint.com) The release extends a policy OpenAI began in February 2026, when it introduced Trusted Access for Cyber as a way to give defenders more capability while keeping stricter controls on models with stronger offensive potential. (openai.com) OpenAI’s broader GPT‑5.4 launch in March already framed cybersecurity as a frontier risk area. In its GPT‑5.4 system card, the company said GPT‑5.4 Thinking was its first general-purpose model with mitigations for “High” cybersecurity capability. (openai.com 1) (openai.com 2) On April 16, OpenAI said companies and organizations already participating in the cyber program include Bank of America, BlackRock, BNY, Citi, Cisco, CrowdStrike, Goldman Sachs, iVerify, JPMorgan Chase, Morgan Stanley, NVIDIA, Oracle, SpecterOps, and Zscaler. (openai.com) OpenAI also said it provided GPT‑5.4‑Cyber to the United States Center for AI Standards and Innovation and the United Kingdom AI Security Institute for evaluations focused on the model’s cyber capabilities and safeguards. (openai.com) The rollout lands days after Anthropic announced its own cyber-focused model, Mythos, but kept it from individual users because of misuse concerns. Reuters reported OpenAI’s April 14 launch as a direct response to that new competition over how to ship powerful security models without opening them to everyone at once. (reuters.com)