OpenAI unveils GPT‑5.4‑Cyber
OpenAI announced GPT‑5.4‑Cyber, a variant tuned for defensive cybersecurity tasks and legitimate vulnerability research. Reports describe it as a 'cyber‑permissive' model and note OpenAI is expanding its Trusted Access for Cyber programme around the release. ( )
OpenAI on April 14 introduced GPT‑5.4‑Cyber, a new version of its GPT‑5.4 model built for defensive cybersecurity work and limited to vetted users. (openai.com) Cybersecurity work often means finding weak spots before criminals do, from buggy code to suspicious software files. OpenAI said GPT‑5.4‑Cyber is tuned to lower refusal rates for legitimate security tasks and add tools such as binary reverse engineering, which lets researchers inspect compiled software without the original source code. (openai.com; 9to5mac.com) OpenAI said the model is starting in a limited rollout to vetted security vendors, organizations, and researchers because it is more permissive than its standard models. The company is also expanding Trusted Access for Cyber, or TAC, to thousands of verified individual defenders and hundreds of teams that protect critical software. (money.usnews.com; openai.com) OpenAI launched TAC in February and said it is now adding tiers, with stronger identity checks unlocking stronger capabilities. The highest tier gets access to GPT‑5.4‑Cyber, and OpenAI said individual users can verify through a dedicated cyber access flow while enterprise teams can apply through company contacts. (money.usnews.com; 9to5mac.com) The release comes one week after Anthropic announced Mythos on April 7 under a controlled program called Project Glasswing. Reuters reported Anthropic said Mythos had already found “thousands” of major vulnerabilities in operating systems, web browsers, and other software. (money.usnews.com) OpenAI is framing the new model as part of a broader plan to put more capable cyber tools in defenders’ hands as its systems get stronger over the next few months. In its April 14 post, the company said it has been evaluating cyber capabilities since 2023, added cyber-specific safeguards in 2025, and earlier this year launched Codex Security to help find and fix vulnerabilities at scale. (openai.com) The company also said it wants wider access, not a permanent small club, but only with stronger screening and staged deployment. Its stated approach is to expand availability over time while improving resistance to jailbreaks and other misuse attempts. (openai.com) For now, the message from OpenAI is that the next wave of cyber-capable artificial intelligence models will not be released like ordinary chatbots. They will arrive behind identity checks, usage tiers, and a growing list of trusted defenders. (openai.com; money.usnews.com)
