OpenAI expands cyber access
OpenAI announced expanded Trusted Access for Cyber, introducing tiers for defenders and access to a GPT‑5.4‑Cyber model fine‑tuned for advanced defensive workflows. The rollout frames specialised model access as a managed capability for security teams rather than general availability. (x.com)
OpenAI has widened access to its cyber program and is giving vetted defenders a new GPT‑5.4‑Cyber model built for security work. (openai.com) OpenAI said on April 14, 2026 that its Trusted Access for Cyber program is expanding to “thousands” of verified individual defenders and “hundreds” of teams that protect critical software. The new model is not a general release; it sits inside that managed access program. (openai.com) The company said GPT‑5.4‑Cyber is a variant of GPT‑5.4 with a lower refusal boundary for legitimate security tasks, including binary reverse engineering, which means analyzing compiled software when source code is unavailable. OpenAI said that lets defenders inspect malware, hunt for vulnerabilities, and test software robustness in workflows the standard model blocks more often. (openai.com) Cyber models create a basic problem for providers: the same prompt can describe a legitimate defense job or an attack plan. OpenAI said that ambiguity led it in February 2026 to launch Trusted Access for Cyber as an identity-based pilot meant to reduce friction for approved defenders while keeping broader safeguards in place. (openai.com) That pilot arrived after OpenAI started classifying some models as having “High Cybersecurity Capability” under its Preparedness Framework. In March, OpenAI’s GPT‑5.4 Thinking system card said GPT‑5.4 was the first general-purpose model in the series to ship with mitigations for that level of cyber capability. (openai.com) The practical effect is that cyber access is being treated less like a normal product launch and more like controlled infrastructure. OpenAI said admission relies on know-your-customer checks and identity verification, with the long-term goal of automating more of that process over time. (openai.com) OpenAI has already been tightening controls around related models. Its developer documentation says GPT‑5.3‑Codex traffic is monitored for suspicious cyber activity, can return a `cyber_policy` error, and can trigger temporary limits for a user or an entire organization if thresholds are crossed. (openai.com) The company has been building this track for more than a year. OpenAI said it supported defenders through a Cybersecurity Grant Program starting in 2023, launched Trusted Access for Cyber on February 5, 2026 with a $10 million API-credit commitment, and introduced Codex Security in March 2026 to help find and fix vulnerabilities at scale. (openai.com)
