Product gating beats blanket releases

Artificial intelligence companies are starting to ship powerful models behind gates, not to everyone at once. OpenAI’s new GPT-5.4-Cyber is the clearest sign yet. (openai.com) OpenAI said April 14 that GPT-5.4-Cyber is a version of GPT-5.4 fine-tuned for defensive cybersecurity work and rolled out first to vetted security vendors, organizations, and researchers. Reuters reported the release came one week after Anthropic announced Mythos on April 7. (reuters.com) The company is expanding its Trusted Access for Cyber program to “thousands” of verified individual defenders and “hundreds” of teams protecting critical software. OpenAI said higher verification tiers unlock more powerful capabilities, with the top tier eligible for GPT-5.4-Cyber. (openai.com) A cybersecurity model is software trained to help find weaknesses in code and systems before attackers do. OpenAI said this version is “cyber-permissive,” meaning it is less likely to refuse sensitive security tasks when the user has been verified for defensive work. (openai.com) OpenAI has been building the access system before broadening the model release. The company launched Trusted Access for Cyber in February and paired it with $10 million in application programming interface credits for cyber defense projects. (openai.com) That sequencing marks a change from the older pattern of releasing one general model to the public and relying mostly on the model’s built-in refusals. OpenAI’s 2025 Preparedness Framework said safety would “increasingly depend” on real-world safeguards around advanced models, including for cybersecurity. (openai.com) Axios reported OpenAI’s new cyber roadmap combines broader access with tighter controls on who gets in. The company is trying to make the tool available to legitimate defenders while using identity checks and tiered permissions to limit misuse. (axios.com) Anthropic moved in the same direction first. Its Project Glasswing gives select organizations access to Claude Mythos Preview for defensive cybersecurity, and Anthropic lists Amazon Web Services, Apple, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, NVIDIA, and Palo Alto Networks among the launch partners. (anthropic.com) Reuters said Anthropic has claimed Mythos found “thousands” of major vulnerabilities in operating systems, web browsers, and other software. OpenAI is answering with a narrower release of its own rather than a blanket public launch. (reuters.com) The near-term contest is no longer just which company has the strongest model. It is which company can pair model capability with identity checks, permission tiers, and product workflows that let trusted users do more than the public version can. (axios.com)