OpenAI rolls out GPT‑5.4‑Cyber

OpenAI has started offering GPT‑5.4‑Cyber, a version of its flagship model tuned for defensive cybersecurity, through a restricted access program for vetted defenders. (openai.com) Cybersecurity work often means finding software flaws before attackers do, like checking a building for unlocked doors. OpenAI said GPT‑5.4‑Cyber is trained to be more “cyber‑permissive” for those defensive tasks and is being released first through its Trusted Access for Cyber program. (openai.com) OpenAI said on April 14, 2026 that it is expanding that program to thousands of verified individual defenders and hundreds of teams that protect critical software. The company said access will be phased in with identity checks, organizational review, and other restrictions rather than opened to the public at once. (openai.com) The model sits on top of GPT‑5.4, which OpenAI released on March 5, 2026 with a one million token context window and stronger coding and computer-use features. That base matters in cyber work because defenders often need a model to read long codebases, trace dependencies, and test fixes across many files at once. (openai.com) OpenAI said its internal and benchmark testing showed GPT‑5.4‑Cyber improved on capture the flag tasks, a standard security contest format in which teams solve hacking puzzles to prove they found a weakness or exploit path. Reuters reported the release came one week after Anthropic announced Mythos, its own frontier model for cybersecurity use. (openai.com) (reuters.com) The timing follows months of warnings from OpenAI that stronger models can help defenders and attackers at the same time. In December 2025, the company said cyber capabilities were advancing rapidly and that it was investing in safeguards, evaluations, and partnerships with outside security experts. (openai.com) Those safeguards already shape how OpenAI handles cyber-capable systems. In its April 2025 Preparedness Framework update, OpenAI said it tracks frontier model risk in categories including cybersecurity and uses capability thresholds to decide what protections are required before deployment. (openai.com) OpenAI’s developer documentation says extra automated safeguards already apply to models it classifies as having “High Cybersecurity Capability,” including monitoring for signs of harmful cyber misuse in application programming interface use. That means the company is pairing broader defender access with tighter controls on how advanced cyber behavior is exposed. (developers.openai.com) Axios reported OpenAI is using a tiered access plan for advanced cyber models, with different levels of access depending on who the user is and what work they do. The company told Axios the goal is to get stronger tools into the hands of legitimate security teams without making them broadly available to unknown users. (axios.com) For now, GPT‑5.4‑Cyber is not a mass-market launch. OpenAI is treating it more like a controlled security tool rollout, with the next test coming from how many vetted defenders it can onboard without loosening the guardrails it says will stay in place. (openai.com)