OpenAI's gated cyber model
OpenAI unveiled GPT‑5.4‑Cyber, a version fine‑tuned for defensive cybersecurity and released only to a limited set of trusted users. The company is granting access through identity‑verified programs that let approved researchers and practitioners use a model with task‑specific permissiveness to spot vulnerabilities. (reuters.com) (mashable.com)
OpenAI on April 14 began rolling out GPT-5.4-Cyber, a cybersecurity model that only vetted defenders and researchers can use. (openai.com) The model is a fine-tuned version of GPT-5.4, which OpenAI released on March 5 as its flagship system for coding, tool use, and long-context work. OpenAI said GPT-5.4-Cyber is trained to be more “cyber-permissive” for defensive tasks such as vulnerability research and analysis. (openai.com 1) (openai.com 2) OpenAI said access will start with vetted security vendors, organizations, and researchers, then expand through new tiers in its Trusted Access for Cyber program. Reuters reported that the highest verification tier gets the fewest restrictions on sensitive security work. (reuters.com) Cybersecurity work often looks the same whether the goal is patching software or breaking into it: the same prompt can ask a model to find a flaw. OpenAI said that ambiguity led earlier safeguards to block some good-faith work, so it built identity checks, know-your-customer screening, and automated monitoring into the program. (openai.com) OpenAI launched Trusted Access for Cyber on February 5 and paired it with a $10 million commitment in application programming interface credits for cyber defense. On April 14, the company said it was scaling that program to thousands of verified individual defenders and hundreds of teams protecting critical software. (openai.com 1) (openai.com 2) The rollout came one week after Anthropic announced Claude Mythos Preview on April 7 under Project Glasswing, a separate restricted-access program for defensive cybersecurity. Reuters reported Anthropic said Mythos had found “thousands” of major vulnerabilities in operating systems, browsers, and other software. (anthropic.com) (reuters.com) OpenAI has been building toward this release for months. It updated its Preparedness Framework on April 15, 2025, to govern severe-risk models, and on March 6, 2026, it introduced Codex Security, an application security agent that finds and proposes fixes for software flaws. (openai.com 1) (openai.com 2) OpenAI said it has evaluated model cyber capabilities since 2023 and added cyber-specific safeguards in 2025. The company said future releases will keep pairing stronger defensive tools with tighter access controls instead of opening the most capable cyber features to everyone at once. (openai.com)
