OpenAI rolls out GPT‑5.4‑Cyber

OpenAI on April 14 began rolling out GPT-5.4-Cyber, a version of its GPT-5.4 model tuned for defensive cybersecurity work and offered only to vetted users. (openai.com) (money.usnews.com) Cybersecurity models are built to help defenders find software flaws before criminals do, the same way a building inspector looks for weak points before a break-in. OpenAI said GPT-5.4-Cyber is “cyber-permissive,” meaning it is less likely than a general chatbot to refuse legitimate vulnerability research and analysis. (openai.com) (techxplore.com) The company tied the launch to an expansion of its Trusted Access for Cyber program, or TAC, which now covers thousands of verified individual defenders and hundreds of teams that protect critical software. OpenAI said users in the highest verification tiers can request access to GPT-5.4-Cyber. (openai.com) (money.usnews.com) OpenAI launched TAC in February, and the new policy adds tiers so stronger identity checks unlock more capable cyber tools. Axios reported the company is pairing broader access with tighter controls on who gets to use advanced models. (money.usnews.com) (axios.com) The release came one week after Anthropic announced Claude Mythos Preview on April 7 under a restricted program called Project Glasswing. Reuters reported Anthropic said select partners could use Mythos for defensive work, and Anthropic’s own project page lists launch partners including Amazon Web Services, Apple, Google, JPMorganChase, Microsoft, NVIDIA and Palo Alto Networks. (money.usnews.com) (anthropic.com) Both companies are reacting to the same problem: the same code-writing ability that helps patch bugs can also help attackers search for exploitable ones. Tech Xplore, citing OpenAI and Anthropic, described the restricted rollouts as a response to fears that more capable models could accelerate both defense and hacking. (techxplore.com) OpenAI is framing its answer differently from Anthropic’s. OpenAI said it does not want to “arbitrarily” decide who can defend themselves and is instead using know-your-customer checks, identity verification and automated criteria to widen access for legitimate defenders over time. (openai.com) (techxplore.com) The company also placed the move inside a longer cyber push that started with a Cybersecurity Grant Program in 2023, added cyber-specific safeguards in 2025, and launched Codex Security earlier in 2026 to help find and fix vulnerabilities at scale. OpenAI said GPT-5.4-Cyber is the first in what it expects will be a series of more specialized releases over the next few months. (openai.com) For now, GPT-5.4-Cyber is not a public chatbot release. It is a gated test of whether OpenAI can put a more capable security model in more defenders’ hands without putting the same tool in attackers’ hands too easily. (openai.com) (bloomberg.com)