OpenAI updates routing and Cyber access
OpenAI’s release notes say paid users may fall back to GPT‑5.4 mini when GPT‑5.4 Thinking rate limits are hit, and enterprise customers can choose GPT‑5.4 mini as an auto‑routing default. Separate reports say OpenAI expanded trusted access to GPT‑5.4‑Cyber for defensive cybersecurity functions like reverse engineering and vulnerability discovery. (help.openai.com) (testingcatalog.com)
OpenAI has changed how some users reach its newest ChatGPT models and widened a separate security program for vetted cyber defenders. (help.openai.com) (openai.com)
In ChatGPT, OpenAI said on March 18, 2026 that GPT-5.4 mini is rolling out as the fallback when Plus, Pro, and other paid users hit rate limits on GPT-5.4 Thinking. The company also said enterprise customers can choose GPT-5.4 mini as the default for Auto routing. (help.openai.com 1) (help.openai.com 2) (help.openai.com 3)
OpenAI said GPT-5.4 mini will not appear in the model picker, and GPT-5 Thinking mini will be retired as a selectable option 30 days after that March 18 update. OpenAI has used the same fallback pattern elsewhere, including an April 9, 2026 note that GPT-5.3 Instant Mini replaced an earlier rate-limit fallback. (help.openai.com 1) (help.openai.com 2)
Auto routing is OpenAI’s default system that switches among models instead of making users pick one each time. The new setting gives enterprise administrators a lighter-weight default even as OpenAI has retired older ChatGPT models such as GPT-4o, GPT-4.1, GPT-4.1 mini, OpenAI o4-mini, and GPT-5 Instant and Thinking from the consumer picker as of February 13, 2026. (help.openai.com 1) (help.openai.com 2)
The cyber side is a different product track. On April 14, 2026, OpenAI said it was scaling Trusted Access for Cyber to “thousands” of verified individual defenders and “hundreds” of teams that protect critical software, while introducing GPT-5.4-Cyber, a version of GPT-5.4 fine-tuned to be “cyber-permissive” for defensive work. (openai.com)
OpenAI said GPT-5.4-Cyber is aimed at defensive tasks including reverse engineering, malware analysis, vulnerability discovery, challenge solving, and incident investigation. The company said access is limited to vetted users because the same skills that help defenders can also help attackers. (openai.com)
Trusted Access for Cyber started as a pilot on February 5, 2026, when OpenAI paired GPT-5.3-Codex with an identity-based access program and a $10 million commitment in application programming interface credits for cyber defense. OpenAI said at the time that GPT-5.3-Codex was the first model it treated as “High” capability in cybersecurity under its Preparedness Framework. (openai.com)
OpenAI’s developer documentation says enterprises can request trusted access for entire teams through an OpenAI representative, and individual users can verify identity through a dedicated cyber portal. The company also said it plans, over time, to move many safeguards from account-level checks to request-level checks. (developers.openai.com) (openai.com)
Taken together, the two updates show OpenAI splitting its model strategy in two directions in April 2026: quieter fallback routing for mainstream ChatGPT users, and tighter, identity-gated access for the most cyber-capable tools. (help.openai.com) (openai.com)