OpenAI gates a cyber model

OpenAI has built a new artificial intelligence model for cyber defense, but most people will not be able to use it. (money.usnews.com) The model, GPT-5.4-Cyber, was announced Tuesday, April 14, 2026, as a version of OpenAI’s GPT-5.4 tuned for defensive cybersecurity work such as vulnerability research and analysis. OpenAI said it will start with a limited rollout to vetted security vendors, organizations and researchers. (money.usnews.com) OpenAI is distributing the model through Trusted Access for Cyber, or TAC, a program it launched on February 5, 2026. The company said it is now expanding TAC to thousands of verified individual defenders and hundreds of teams that protect critical software. (openai.com, openai.com) Cybersecurity models are built to look for flaws in software before attackers find them. OpenAI said GPT-5.4-Cyber is “cyber-permissive,” meaning it is trained to allow more sensitive defensive tasks than a general chatbot would normally accept. (openai.com, money.usnews.com) That looser setting is the reason OpenAI is gating access instead of releasing the model broadly in ChatGPT or the public application programming interface. The company said higher TAC tiers require stronger identity checks and verification before users can unlock more powerful cyber capabilities. (money.usnews.com, openai.com) The timing follows a similar move from Anthropic, which announced Claude Mythos Preview on April 7, 2026. Anthropic said that model is being used in Project Glasswing, a controlled program with launch partners including Amazon Web Services, Apple, Cisco, Google, Microsoft, Nvidia and Palo Alto Networks. (money.usnews.com, anthropic.com) Anthropic said Project Glasswing has also been extended to more than 40 additional organizations that build or maintain critical software infrastructure, with up to $100 million in usage credits and $4 million in donations to open-source security groups. Reuters reported Anthropic said Mythos had found “thousands” of major vulnerabilities in operating systems, web browsers and other software. (anthropic.com, money.usnews.com) OpenAI has been preparing for this category of risk for more than a year. In its Preparedness Framework, updated April 15, 2025, the company listed cybersecurity as one of the frontier capability areas that can help protect systems but can also create risks of scaled cyberattacks and vulnerability exploitation. (cdn.openai.com) OpenAI made the same point when it launched TAC in February, saying a request like “find vulnerabilities in my code” can support responsible patching or help someone exploit a system. GPT-5.4-Cyber is OpenAI’s answer to that problem: a more permissive model, but only for users the company says it can verify. (openai.com, openai.com)