OpenAI rolls out vuln model

OpenAI said on April 14 that it is rolling out GPT-5.4-Cyber, a vulnerability-hunting model, to vetted security users instead of the general public. (openai.com) The company said it is expanding its Trusted Access for Cyber program to thousands of verified individual defenders and hundreds of teams that protect critical software. OpenAI described GPT-5.4-Cyber as a fine-tuned version of GPT-5.4 that is “cyber-permissive” for defensive work. (openai.com) Reuters reported the release came one week after Anthropic announced Mythos, a competing model aimed at spotting software vulnerabilities, and said OpenAI is limiting access to a select group of users. Axios reported OpenAI paired the launch with a tiered-access plan for more advanced cyber tools. (reuters.com) (axios.com) A software vulnerability is a flaw in code that can let an attacker break in, steal data or crash systems. Models like GPT-5.4-Cyber are built to help defenders find those flaws faster, before criminals do. (openai.com) OpenAI said it has been evaluating cyber capabilities since 2023, added cyber-specific safeguards in 2025, and launched Codex Security earlier in 2026 to help identify and fix bugs at scale. Its March 5 system card for GPT-5.4 Thinking said that model was the first general-purpose OpenAI system with mitigations for “High capability in Cybersecurity.” (openai.com 1) (openai.com 2) Anthropic took a tighter approach. The company said on April 8 that its Mythos Preview model had found thousands of high-severity zero-day flaws across major operating systems and browsers, and it restricted the model to a small Project Glasswing group that included Amazon Web Services, Apple, Google, Microsoft and JPMorgan Chase. (thehackernews.com) Banks have already started reacting. Bloomberg reported on April 13 that Goldman Sachs Chief Executive David Solomon said the bank was “supplementing” its cyber and infrastructure resilience after regulators warned large United States banks about Anthropic’s latest model. (bloomberg.com) Solomon said Goldman was working with Anthropic and its security vendors, and Bloomberg reported that Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell had called Wall Street leaders to an urgent meeting on the cyber risks tied to Mythos. Solomon also said cybersecurity has “long been at the core” of Goldman’s business. (bloomberg.com) OpenAI said its own strategy is broader access with identity checks, staged deployment and stronger safeguards against misuse. The immediate test is whether vetted defenders can use these models to patch real systems faster than attackers can adapt to the same capabilities. (openai.com)