OpenAI launches GPT‑5.4‑Cyber

OpenAI has launched GPT‑5.4‑Cyber, a version of its flagship model tuned for defensive security work and limited to vetted users. (openai.com) The company announced the model on April 14 and said it is expanding Trusted Access for Cyber to “thousands” of verified individual defenders and “hundreds” of teams that protect critical software. Reuters reported the release came one week after Anthropic announced its own cyber model, Mythos, on April 7. (openai.com) (reuters.com) Cybersecurity is the work of finding and fixing weaknesses before attackers exploit them. OpenAI said GPT‑5.4‑Cyber is designed to help with tasks such as vulnerability research, binary reverse engineering, and malware analysis, which means examining compiled software and suspicious code to see how it works. (openai.com) (xda-developers.com) OpenAI said the new model is “cyber-permissive,” meaning it relaxes some refusal rules for approved defenders working on legitimate security problems. The company said access will start on a limited basis for vetted security vendors, organizations, and researchers because the model can handle more sensitive requests than general-purpose systems. (openai.com) (reuters.com) The release extends a program OpenAI introduced in February 2026 to put advanced cyber tools behind identity and trust checks instead of offering them openly. In that earlier rollout, OpenAI also committed $10 million in application programming interface credits for cyber defense work. (openai.com) OpenAI tied the expansion to what it called “increasingly more capable models” expected over the next few months. Axios reported the company also set out tiered access rules for stronger cyber systems, with stricter controls as model capability rises. (openai.com) (axios.com) The company said GPT‑5.4‑Cyber has already been used in trials that helped defenders identify and fix more than 3,000 vulnerabilities. OpenAI did not publish a full public list of those bugs in its announcement, but it cited the figure as evidence for broader rollout to approved users. (thehackernews.com) (openai.com) OpenAI is not making this a general ChatGPT feature for ordinary users. 9to5Mac reported that enterprises must request trusted access through their OpenAI representative, underscoring that the company is treating this as a permissioned security product rather than a mass-market assistant. (9to5mac.com) The immediate test is whether OpenAI can keep that balance: more help for defenders without making advanced attack knowledge easier to misuse. For now, the company is betting that tighter screening, narrower access, and a model built for security teams can hold that line. (openai.com) (reuters.com)