OpenAI rolls out GPT‑5.4‑Cyber
OpenAI began a limited rollout of a cybersecurity‑focused model called GPT‑5.4‑Cyber aimed at finding software vulnerabilities and supporting defensive work for vetted users. The model is being distributed inside a Trusted Access for Cyber programme that uses identity verification and vetted organisations rather than broad public access, according to reporting and company comments. (bloomberg.com) (livemint.com)
OpenAI has started a limited rollout of GPT‑5.4‑Cyber, a version of its flagship model tuned to help vetted defenders find software flaws. (openai.com) The company said on April 14 that the model is being released through Trusted Access for Cyber, or TAC, to “thousands of verified individual defenders” and “hundreds of teams” that protect critical software. (openai.com) OpenAI introduced TAC on February 5 as an identity- and trust-based access program, and said it would use strong know-your-customer checks, identity verification, and automated monitoring to decide who gets more advanced cyber capabilities. (openai.com 1) (openai.com 2) Cybersecurity work here means using artificial intelligence to read code like a reviewer, spot weaknesses before attackers do, and suggest fixes before software ships or gets patched. OpenAI said GPT‑5.4‑Cyber is “cyber-permissive,” meaning it allows more probing for defensive tasks than its general models do. (openai.com) (bloomberg.com) The release lands one week after Anthropic announced a similarly restricted cyber model called Mythos, and both companies are now arguing that the safest path is to give stronger tools to trusted security teams before broader release. (bloomberg.com) (nytimes.com) OpenAI framed the move as preparation for “increasingly more capable models” expected over the next few months, with cyber defenses expanding in step with model capability rather than after the fact. (openai.com) The company said it has been building toward this since 2023 through a Cybersecurity Grant Program, added cyber-specific safeguards to model deployments in 2025, and launched Codex Security earlier in 2026 to find and fix vulnerabilities at scale. (openai.com) OpenAI also said Codex Security has contributed to fixing more than 3,000 critical and high-severity vulnerabilities, a figure the company is using to argue that these systems can do useful defensive work before they are made widely available. (thehackernews.com) The risk is that the same model that helps a defender audit code can also help an attacker hunt for exploitable bugs faster, which is why OpenAI’s public usage rules still ban “malicious or abusive cyber activity” and attempts to break or bypass safeguards. (openai.com 1) (openai.com 2) For now, GPT‑5.4‑Cyber is not a general ChatGPT feature release. It is a controlled test of whether identity checks, narrower distribution, and closer monitoring can keep a more capable cyber model in defenders’ hands first. (openai.com) (bloomberg.com)
