OpenAI GPT‑5.4‑Cyber

OpenAI has started giving vetted security professionals access to GPT‑5.4‑Cyber, a new model tuned for defensive hacking work. (openai.com) Cybersecurity work often starts with finding weak spots before criminals do. OpenAI said GPT‑5.4‑Cyber is a variant of GPT‑5.4 trained to be “cyber-permissive” for approved defensive tasks, and it is rolling the Trusted Access for Cyber program out to thousands of verified individual defenders and hundreds of teams. (openai.com) OpenAI said access will require Know Your Customer checks and identity verification rather than a public release. The company said the program is meant for people defending critical software, public services, and other digital systems. (openai.com) Some of the work this model is meant to help with is the software equivalent of taking apart a locked machine to see how it works. Coverage of the launch said GPT‑5.4‑Cyber is aimed at binary reverse engineering, vulnerability analysis, and malware analysis, which are jobs security teams use to inspect code they did not write and patch flaws before attackers exploit them. (cyberscoop.com) The release follows OpenAI’s March 5, 2026 launch of GPT‑5.4, which the company described as its flagship model for professional work with coding, tool search, computer use, and a context window of about 1 million tokens. OpenAI’s March system card for GPT‑5.4 also said the model family was the first general-purpose OpenAI release with mitigations for “High capability in Cybersecurity.” (openai.com, openai.com) OpenAI tied the new cyber model to a broader safety strategy it has been building since 2023. The company said it began evaluating cyber capabilities in 2023, added cyber-specific safeguards in 2025, and launched Codex Security earlier in 2026 to help find and fix vulnerabilities at scale. (openai.com) The timing also puts OpenAI next to Anthropic, which recently introduced Claude Mythos through a restricted program called Project Glasswing. CyberScoop reported OpenAI’s April 14 announcement came about a week after Anthropic’s rollout, and Axios said OpenAI is trying a different access strategy while facing similar misuse risks. (cyberscoop.com, axios.com) OpenAI said it does not want to “centrally decide” which sectors get to defend themselves, so it is using verification and accountability rules instead of limiting access to a short list of large companies. That approach gives OpenAI a live test of whether tightly screened access can widen defensive use without turning advanced cyber tools into a broader attack aid. (openai.com, cyberscoop.com) For now, GPT‑5.4‑Cyber is less a consumer product than a gatekept security instrument. OpenAI’s next step is not a mass launch, but a controlled expansion to more verified defenders as stronger cyber-capable models arrive in the coming months. (openai.com)