OpenAI rolls out Cyber model
OpenAI has begun giving a limited group of vetted security researchers and vendors access to a cybersecurity‑focused model called GPT‑5.4 Cyber, which is distributed through a Trusted Access for Cyber programme rather than standard ChatGPT channels. Reports say the model includes capabilities aimed at vulnerability discovery and reverse‑engineering, and OpenAI scaled the trusted‑access pool to thousands of defenders as it positions a separate security workflow for high‑risk use cases. ( )
OpenAI has started giving vetted security researchers access to GPT-5.4-Cyber, a new model tuned for defensive hacking work, through a separate trust program instead of ChatGPT. (openai.com) On April 14, 2026, OpenAI said it was expanding Trusted Access for Cyber to “thousands” of verified individual defenders and “hundreds” of teams that protect critical software. The company said GPT-5.4-Cyber is the first model in that rollout. (openai.com) The model is meant to help with jobs such as finding software vulnerabilities and reverse-engineering code, which means taking a program apart to understand how it works. Bloomberg reported the release came one week after Anthropic announced a limited cybersecurity model called Mythos. (bloomberg.com, openai.com) Cybersecurity models are unusually sensitive because the same skills used to test defenses can also be used to break into systems. OpenAI said Trusted Access for Cyber uses identity checks, vetting, monitoring, and usage controls to keep those capabilities with approved defenders. (openai.com, openai.com) OpenAI began that program on February 5, 2026, when it said it would pair expanded cyber access with $10 million in application programming interface credits for defenders. The April 14 update shifts that effort from a pilot for selected users to a larger channel for high-risk security work. (openai.com, openai.com, openai.com) The company is also separating cyber work from its mainstream consumer products. Its developer documentation says some security-related requests can be rerouted by automated systems, while the trusted-access program is designed to let approved users continue that work without disruption. (openai.com) That puts OpenAI closer to a model used in other dual-use fields, where access depends less on the software itself than on who gets it and under what controls. Wired reported OpenAI is building a distinct workflow for security use cases that it considers too risky for ordinary release channels. (wired.com, openai.com) OpenAI framed the move as preparation for “increasingly more capable models” expected over the next few months. For now, the company is opening GPT-5.4-Cyber to a narrow set of defenders first, not to general ChatGPT users. (openai.com, bloomberg.com)
