OpenAI has released GPT-5.4-Cyber, a variant of its flagship model fine-tuned for defensive cybersecurity operations.
The launch follows Anthropic’s debut of Mythos and Project Glasswing last week, putting both AI giants on parallel tracks to equip security teams with purpose-built frontier models.
GPT-5.4-Cyber is reportedly built to relax the content-refusal guardrails that typically restrict security-adjacent prompts in standard models. It also introduces binary reverse engineering support, letting analysts examine compiled software for malware indicators and vulnerabilities without needing access to source code.
Alongside the model, OpenAI is significantly expanding the Trusted Access for Cyber (TAC) program, which it launched in February alongside a $10 million cybersecurity grant. The company said it is planning to onboard thousands of individually verified defenders and hundreds of teams responsible for protecting critical infrastructure.
TAC now operates with multiple tiers of identity verification, where higher verification levels unlock progressively more powerful model capabilities.
“Our approach [is to scale] cyber defense in lockstep with increasing model capabilities to guide the testing and deployment of future releases,” the AI giant said in a blog post published on April 14.
Codex Security Surpasses 3,000 Fixed Vulnerabilities
OpenAI also shared new numbers on Codex Security, its AI-powered application security agent. Since the tool’s research preview launched earlier this year, it has reportedly contributed to remediating more than 3,000 critical and high-severity vulnerabilities.
For context, Codex Security monitors codebases continuously, validates flagged issues, and proposes patches, functioning as an automated layer within existing developer workflows.
Because GPT-5.4-Cyber is more permissive than previous releases, OpenAI (like Anthropic with Mythos) is restricting early access to vetted security vendors, researchers, and organizations.
Deployments involving zero-data-retention configurations or third-party platforms will face additional limitations while the company builds out its oversight processes.
The broader context is worth noting. As AI models grow more capable, the gap between what defenders and attackers can do with them narrows.
Both OpenAI and Anthropic are now betting that getting frontier tools into the right hands early is the most practical way to keep that balance tilted toward defense.
