OpenAI launches GPT‑5.4‑Cyber

OpenAI has launched GPT‑5.4‑Cyber, a version of its flagship model tuned for defensive cybersecurity work and limited to vetted users. (openai.com) The company said on April 14 it is expanding its Trusted Access for Cyber program to “thousands” of verified individual defenders and “hundreds” of teams that protect critical software. Reuters reported the release came one week after Anthropic announced its own restricted cyber model, Mythos, on April 7. (openai.com) (reuters.com) Cybersecurity work here means using an artificial intelligence system to inspect code like a mechanic opening an engine, then helping with reverse engineering, vulnerability discovery, and malware analysis. OpenAI said GPT‑5.4‑Cyber is a “cyber-permissive” variant, meaning it is trained to be more willing to help with defensive security tasks than a general chatbot. (openai.com) OpenAI is not releasing that extra capability broadly. Axios reported the company set up tiered access tied to verification, with stronger capabilities unlocked only after additional checks on identity and defender status. (axios.com) (openai.com) The company framed the move as preparation for more capable models “over the next few months.” In the same post, OpenAI said it is pairing wider defender access with stronger safeguards and support for the wider security ecosystem. (openai.com) GPT‑5.4‑Cyber sits on top of GPT‑5.4, which OpenAI introduced on March 5 as its flagship model for professional work with a context window of up to 1 million tokens and built-in computer-use features in the application programming interface and Codex. That matters for security work because long investigations often involve large codebases, logs, and malware samples. (openai.com) (developers.openai.com) OpenAI’s existing safety materials already treated cyber misuse as a major risk area. In its GPT‑5.4 system card, published in March, the company said its cyber safety approach built on controls used in GPT‑5.3 Codex, another code-focused system. (openai.com) Anthropic’s April 7 Mythos announcement helped set the backdrop for this release. Reuters said Anthropic’s model was being deployed through a controlled program called Project Glasswing for select organizations doing defensive cybersecurity work, and OpenAI is now pursuing its own restricted-access path rather than a public launch. (reuters.com) The immediate change is not that anyone can ask ChatGPT to hunt software flaws. The change is that OpenAI is building a separate lane for verified defenders, with more capability behind more checks, as cyber tools become a central test case for how frontier artificial intelligence gets distributed. (openai.com) (axios.com)