OpenAI expands cyber access

OpenAI is widening its gated cyber program, giving more vetted defenders access to GPT-5.4-Cyber and naming banks, asset managers, and security firms already inside. (openai.com) In a post dated April 14, 2026, OpenAI said its Trusted Access for Cyber program would scale to “thousands” of verified individual defenders and “hundreds” of teams that protect critical software. The company said the first model in the program is GPT-5.4-Cyber, a version fine-tuned for defensive cybersecurity work. (openai.com) Two days later, on April 16, OpenAI published a participant list that included Bank of America, BlackRock, BNY, Citi, Cisco, Cloudflare, CrowdStrike, Goldman Sachs, JPMorgan Chase, Morgan Stanley, NVIDIA, Oracle, Palo Alto Networks, SpecterOps, and Zscaler. OpenAI also said it gave the model to the U.S. Center for AI Standards and Innovation and the U.K. AI Security Institute for evaluations of both capability and safeguards. (openai.com) Trusted Access for Cyber is not open release. OpenAI describes it as an identity- and trust-based system that places stronger cyber capabilities in “the right hands,” and its application form asks about use cases such as penetration testing, red teaming, malware reverse engineering, and cryptographic research. (openai.com ) (openai.com) The company has paired that access model with money and distribution. OpenAI said in February it was committing $10 million in API credits to cyber defense through the program, and its developer documentation says high-risk cyber work can require identity verification or enterprise-level trusted access. (openai.com 1) (openai.com 2) The timing follows a new round of competition over locked-down cyber models. Anthropic announced Claude Mythos Preview on April 7, 2026, saying it would be tested in a restricted coalition rather than released broadly. (anthropic.com) Trade press has framed OpenAI’s move as a direct enterprise push into regulated industries, especially finance, where banks want advanced testing tools but also need audit trails, access controls, and vendor assurances. One report said OpenAI’s partner list skewed more heavily toward financial institutions than Anthropic’s initial cyber coalition. (bankinfosecurity.asia) (healthcareinfosecurity.com) OpenAI has been building toward this structure for months. In a December 2025 security post, the company said more capable models could shift cyber risk and that it was investing in safeguards and outside partnerships before wider deployment. (openai.com) For now, OpenAI is treating cyber capability less like a public chatbot feature and more like controlled infrastructure. The next test is whether this vetting model can expand beyond early banks, tech firms, and government evaluators without loosening the guardrails it says are required. (openai.com)