OpenAI releases GPT‑5.4‑Cyber to defenders

OpenAI has started rolling out GPT-5.4-Cyber, a version of its GPT-5.4 model tuned for defensive cybersecurity work, to a limited group of vetted users. (openai.com) The company said on April 14 that the model is available through its Trusted Access for Cyber program, which it is expanding to thousands of verified individual defenders and hundreds of teams that protect critical software. (openai.com) GPT-5.4-Cyber is designed to help find and fix software vulnerabilities, and OpenAI said it is training the model to be more “cyber-permissive” for defensive tasks while still blocking malware creation, data theft, destructive actions, and unauthorized testing. (openai.com) Cybersecurity work here means looking for weak spots in code and systems before attackers do. OpenAI said more capable models are coming “over the next few months,” and framed this release as preparation for that shift. (openai.com) The release landed one week after Anthropic announced Mythos on April 7, a model it said would be shared only with selected organizations for defensive cybersecurity under a controlled program. (nytimes.com) Reuters reported that OpenAI unveiled GPT-5.4-Cyber on Tuesday, April 14, following Anthropic’s Mythos announcement, while Bloomberg reported that OpenAI is offering the model to some participants in the Trusted Access for Cyber program it introduced in February. (reuters.com) (bloomberg.com) This is a narrower release than GPT-5.4 itself. OpenAI introduced GPT-5.4 on March 5 as a general-purpose model for ChatGPT, the application programming interface, and Codex, with a context window of up to 1 million tokens and built-in computer-use features. (openai.com) OpenAI had already signaled that cyber risk was becoming a bigger part of its safety work. Its GPT-5.4 system card, published in March, said GPT-5.4 Thinking was the first general-purpose model in the GPT-5 series to include mitigations for “High capability in Cybersecurity.” (openai.com) The company first launched Trusted Access for Cyber in February and said then that it would commit $10 million in application programming interface credits for cyber defense work. That program was built to lower friction for defenders while screening out misuse. (openai.com) The immediate result is that OpenAI is not putting this model into broad public release. It is testing a more specialized path: stronger cyber capabilities, narrower access, and identity checks before use. (openai.com)