OpenAI–Microsoft Cyber Pact

OpenAI has given Microsoft privileged access to its most cyber-capable artificial intelligence models for defensive security work through a program called Trusted Access for Cyber. (openai.com) OpenAI launched Trusted Access for Cyber on February 5, 2026, as an identity-checked program for defenders, then expanded it on April 14 with GPT-5.4-Cyber, a version fine-tuned for defensive cybersecurity tasks. (openai.com) On April 16, OpenAI said Microsoft was among the first enterprises in the program, alongside firms including Cisco, Cloudflare, CrowdStrike, Goldman Sachs, NVIDIA, Oracle, Palo Alto Networks, and Zscaler. (openai.com) The basic idea is simple: newer models can find software flaws faster, explain how attacks chain together, and help write proof-of-concept code, so companies are trying to put that speed on the defender side before attackers exploit it. (microsoft.com) OpenAI says the same capability creates risk, because a request like “find vulnerabilities in my code” can support legitimate patching or criminal intrusion, so access is being widened through verification, monitoring, and model-specific safeguards instead of being opened without checks. (openai.com) Microsoft has been building around that use case inside its own security organization. On April 7, the Microsoft Security Response Center said AI was already being used across Microsoft’s environment, core platforms, services, and customer security products. (microsoft.com) By April 22, Microsoft said frontier models could autonomously discover weaknesses, combine lower-severity bugs into working exploits, and shrink the time between discovery and abuse, while also helping defenders speed up detection engineering and mitigation. (microsoft.com) The cyber tie-up also lands in a partnership that has been under visible strain in other areas. In a joint statement on February 27, Microsoft and OpenAI said their broader relationship remained unchanged even as OpenAI added funding and partners outside Microsoft. (microsoft.com) That makes the security arrangement narrower than the companies’ older all-purpose alliance: Microsoft gets access to advanced OpenAI cyber models for enterprise defense workflows, while OpenAI gets a major customer and a security operator already testing frontier systems in production-like environments. (openai.com) OpenAI says it plans to keep expanding Trusted Access for Cyber as model capability rises, with more verified defenders, more safeguards, and more real-world testing. Microsoft is positioning itself as one of the first large enterprises in that queue. (openai.com)