OpenAI's GPT-5.4-Cyber

OpenAI on April 14 released GPT-5.4-Cyber, a version of its flagship model tuned for defensive cybersecurity work and not for broad public use. (reuters.com) The rollout is limited to vetted security vendors, organizations and researchers because the model is more permissive on sensitive cyber tasks such as vulnerability research and analysis. OpenAI said users in the highest access tier can request GPT-5.4-Cyber. (openai.com) OpenAI is also expanding its Trusted Access for Cyber program to thousands of verified individual defenders and hundreds of teams that protect critical software. The company said the new tiers use higher levels of verification to unlock stronger capabilities. (openai.com) Cybersecurity is the business of finding and fixing weaknesses in software before attackers exploit them. OpenAI said it fine-tuned GPT-5.4-Cyber to be “cyber-permissive,” meaning it is more willing than a general model to help approved users with defensive security workflows. (openai.com) The guarded launch comes one week after Anthropic announced Mythos, another frontier model aimed at defensive cyber use under a controlled release program called Project Glasswing. Reuters reported Anthropic said Mythos had found thousands of major vulnerabilities in operating systems, web browsers and other software. (reuters.com) OpenAI is taking a different distribution path from a normal product launch. Axios reported the company paired the model release with a tiered access plan that gives more latitude to verified users while keeping tighter controls on everyone else. (axios.com) The company has been building this structure for months. In February, OpenAI introduced Trusted Access for Cyber and committed $10 million in application programming interface credits to speed adoption of AI tools for defense work. (openai.com) OpenAI said the program is meant for use cases including penetration testing, red teaming, vulnerability assessment, malware reverse engineering, cryptographic research and threat intelligence investigations. Its application form asks organizations to list countries of use and security certifications such as International Organization for Standardization 27001, System and Organization Controls 2 and Federal Risk and Authorization Management Program. (openai.com) Reuters reported OpenAI’s release lands as model makers grow more cautious about cyber misuse even while they argue the same systems can help defenders move faster. For now, OpenAI is betting that tighter identity checks and narrower distribution are the price of putting a stronger cyber model into real-world hands. (reuters.com)