OpenAI offers GPT‑5.4‑Cyber

OpenAI has started offering GPT‑5.4‑Cyber, a cybersecurity-tuned version of GPT‑5.4, through a restricted program for verified defenders. (openai.com) The company said on April 14 that it is scaling its Trusted Access for Cyber program to “thousands” of verified individual defenders and “hundreds” of teams that protect critical software. OpenAI said GPT‑5.4‑Cyber is trained to be more permissive for defensive security work than its general models. (openai.com) Trusted Access for Cyber began as a pilot on February 5, 2026, when OpenAI paired GPT‑5.3‑Codex with identity checks, trust reviews and $10 million in application programming interface credits for cyber defense work. OpenAI said the system was built because the same request to “find vulnerabilities” can support either patching or intrusion. (openai.com) Cybersecurity here means using artificial intelligence as a faster code reviewer and incident helper: systems can scan software, flag weak points and suggest fixes before attackers exploit them. OpenAI said newer models can now work autonomously for hours or days on complex tasks, which raises both defensive value and misuse risk. (openai.com) That tension has been building for months inside OpenAI’s safety work. In a December 10, 2025 post, the company said its cyber scores on capture-the-flag tests rose from 27 percent on GPT‑5 in August 2025 to 76 percent on GPT‑5.1‑Codex‑Max in November 2025. (openai.com) OpenAI’s March 5 system card for GPT‑5.4 said GPT‑5.4 Thinking was the first general-purpose model in the series to include mitigations for “High” cybersecurity capability. The company defines that threshold as a model that could help develop zero-day exploits or assist stealthy enterprise or industrial intrusions. (openai.com 1) (openai.com 2) GPT‑5.4 itself is a broader professional model that OpenAI released on March 5 in ChatGPT, the application programming interface and Codex, with up to 1 million tokens of context and native computer-use features. GPT‑5.4‑Cyber is not that general release; it is a separate tuned variant inside the restricted cyber program. (openai.com 1) (openai.com 2) OpenAI said participating organizations already include Bank of America, BlackRock, BNY, Citi, Cisco, CrowdStrike, Goldman Sachs, iVerify, JPMorgan Chase, Morgan Stanley, NVIDIA, Oracle, SpecterOps and Zscaler. It also said it gave access to the United States Center for AI Standards and Innovation and the United Kingdom AI Security Institute for evaluations of the model’s cyber capabilities and safeguards. (openai.com) The company said it will keep widening access as model capability rises, while tying that access to stronger verification and monitoring. For now, GPT‑5.4‑Cyber is being positioned as a tool for vetted defenders, not a feature for ordinary ChatGPT users. (openai.com 1) (openai.com 2)