OpenAI Launches GPT-5.4-Cyber, Expands Trusted Access for Cyber Defenders

OpenAI has announced a new cybersecurity-focused model called GPT-5.4-Cyber and confirmed controlled rollout as it doubles down on defensive AI use cases. The variant arrives as AI companies increasingly position their systems not just for productivity, but also for security workloads. Notably, the announcement comes days after Anthropic announced Project Glasswing.

OpenAI introduces GPT-5.4-Cyber for defensive use cases

The company says GPT-5.4-Cyber is a customized version of its flagship model, designed specifically for cybersecurity defenders. It will initially be available only to vetted security vendors, approved organizations, and selected researchers under its Trusted Access for Cyber (TAC) program.

OpenAI is also scaling TAC to thousands of verified individual defenders and hundreds of security teams working on critical infrastructure. Users in higher verification tiers will gain access to more capable and less restricted versions of the model, including GPT-5.4-Cyber itself.

According to OpenAI, the goal is to support defensive workflows like vulnerability analysis, code review, and reverse engineering of compiled software. At the same time, access is being tightly controlled due to the sensitive nature of cyber-related capabilities. The company also notes that GPT-5.4-Cyber lowers refusal boundaries for legitimate security tasks, which allows researchers to work more efficiently in areas like malware analysis and system hardening.

Scaling TAC access and cybersecurity tools

OpenAI says the TAC program is being expanded with more structured tiers, where stronger identity verification unlocks higher capability levels. The company is leaning on automated verification systems, arguing that manual approvals don’t scale as demand grows across the security space.

Alongside this, OpenAI is pushing tools like Codex Security, which scans codebases, flags vulnerabilities, and suggests fixes automatically. The system has already helped resolve thousands of high and critical security issues across open-source projects, according to the company. All that said, access to more permissive models like GPT-5.4-Cyber will remain limited for now, especially in environments where user intent or system visibility is harder to verify.