OpenAI limits GPT-5.4 access

OpenAI said on April 14 that it will give its new GPT-5.4-Cyber model only to vetted defenders and selected partners, not the general public. (openai.com) The model is a version of GPT-5.4 tuned for defensive security work, such as finding software flaws so companies can patch them. OpenAI said GPT-5.4-Cyber will be available through its Trusted Access for Cyber program, which it launched in February 2026. (openai.com 1) (openai.com 2) OpenAI said it is expanding that program to “thousands” of verified individual defenders and “hundreds” of teams that protect critical software. Bloomberg reported the highest access tier unlocks GPT-5.4-Cyber for some participants in the program. (openai.com) (bloomberg.com) Cybersecurity is the business of finding and fixing weaknesses before attackers use them. OpenAI said newer models can now work on complex tasks for hours or days, which makes them more useful for defenders and more risky if misused. (openai.com) That is why OpenAI is shifting from blanket refusals to identity checks and tiered access for some cyber tools. In its February launch post, the company said a prompt like “find vulnerabilities in my code” can describe either legitimate patching or harmful reconnaissance. (openai.com) The timing is not accidental. Anthropic said on April 9 that it was limiting release of its Mythos model to a small group of large companies and organizations because the model was unusually capable at finding software exploits. (techcrunch.com) (nytimes.com) OpenAI is also building products around that same use case. On March 6, it introduced Codex Security, an application security agent that analyzes code, validates likely bugs, and proposes fixes; the company said it is rolling out in research preview to ChatGPT Pro, Enterprise, Business, and Edu customers. (openai.com) OpenAI said its cyber program dates to 2023, when it started a Cybersecurity Grant Program and began evaluating model cyber capabilities. The company added cyber-specific safeguards to model deployments in 2025 and said GPT-5.4-Cyber is part of preparation for “more capable models” expected in the next few months. (openai.com) Not everyone reads these limited releases the same way. TechCrunch reported that some critics see the safety rationale as overlapping with a business strategy that favors large enterprise contracts and makes top-end models harder for smaller rivals to study or copy. (techcrunch.com) For now, OpenAI’s message is that its most permissive cyber model will move behind stronger identity checks instead of wider public release. The next test is whether that trust-based system expands access without making powerful vulnerability-finding tools easier to abuse. (openai.com)