OpenAI's GPT‑5.4‑Cyber

OpenAI has started giving a new model, GPT‑5.4‑Cyber, to vetted security users through its Trusted Access for Cyber program. (openai.com) OpenAI said on April 14 it is expanding Trusted Access for Cyber, or TAC, to “thousands of verified individual defenders” and “hundreds of teams” that protect critical software. The company described GPT‑5.4‑Cyber as a GPT‑5.4 variant trained to be “cyber-permissive” for defensive work. (openai.com) In plain terms, cybersecurity models help analysts inspect malicious code, trace attacks, and find software flaws faster than manual review. OpenAI said GPT‑5.4‑Cyber is tuned for tasks including binary reverse engineering, which means analyzing compiled software when source code is unavailable. (openai.com) OpenAI is not putting this model into broad public release. Its TAC system uses identity and trust checks, and OpenAI’s developer documentation says high-risk cyber users can verify identity while enterprises can request trusted access for teams through company representatives. (openai.com ) (developers.openai.com) The company framed the move as preparation for more capable models in the next few months. OpenAI also said it has given GPT‑5.4‑Cyber access to the U.S. Center for AI Standards and Innovation and the U.K. AI Security Institute for evaluations of cyber capability and safeguards. (openai.com 1) (openai.com 2) The rollout lands days after Anthropic published details on Claude Mythos Preview, a separate restricted model for cybersecurity. Anthropic said its own testing found Mythos Preview could identify and exploit zero-day vulnerabilities in every major operating system and major web browser when a user directed it to do so. (red.anthropic.com) A U.K. government evaluation of Mythos Preview said the model showed continued gains on capture-the-flag tests and “significant improvement” on multi-step cyber-attack simulations. That public warning helped set the backdrop for OpenAI’s narrower, identity-gated release instead of a general launch. (aisi.gov.uk) (openai.com) OpenAI has been building this access structure for months. In February, it introduced Trusted Access for Cyber as a pilot, said it would commit $10 million in API credits for cyber defense, and opened an application path for enterprises and security practitioners. (openai.com 1) (openai.com 2) OpenAI said companies already participating in its cyber defense effort include Bank of America, BlackRock, Cisco, Cloudflare, CrowdStrike, Goldman Sachs, NVIDIA, Oracle, Palo Alto Networks, and Zscaler. The company said those partners are using TAC and GPT‑5.4‑Cyber to test defensive workflows and strengthen protections. (openai.com) For now, the message from both major labs is similar: the newest cyber-capable models are being released first to named, verified defenders rather than to the open internet. OpenAI’s TAC expansion turns that approach into a formal channel with identity checks, outside evaluations, and a growing list of security teams inside the gate. (openai.com) (red.anthropic.com)