OpenAI releases GPT-5.4-Cyber, a model built specifically for defensive cybersecurity

OpenAI has released GPT-5.4-Cyber, a model fine-tuned specifically for defensive cybersecurity work. For now, access is limited to verified security professionals.

OpenAI is expanding its "Trusted Access for Cyber" (TAC) program with a new model built specifically for cybersecurity: GPT-5.4-Cyber. According to OpenAI, it's a variant of GPT-5.4 that's less restrictive when it comes to defensive security work, enabling tasks like binary reverse engineering - the analysis of compiled software without access to source code.

A few hundred users will get access first, with the program expanding to thousands of verified individuals and hundreds of teams over the coming weeks. Because the model is more permissive, it comes with tighter controls: access through third-party platforms or under zero-data-retention agreements may be restricted.

Just one week earlier, competitor Anthropic unveiled Claude Mythos, an AI model specialized in finding and exploiting vulnerabilities in operating systems and browsers. Like GPT-5.4-Cyber, Mythos is only available to a restricted group of users.

Codex Security fits into OpenAI's broader cybersecurity push

Beyond the new model, OpenAI points to its existing security tool Codex Security, which automatically identifies vulnerabilities in codebases and suggests fixes. Since launch, the system has helped patch more than 3,000 critical vulnerabilities. OpenAI is also putting $10 million toward its Cybersecurity Grant Program and has reached over 1,000 open-source projects with free security scanning.

Mythos has already caused concern among financial firms and U.S. government agencies, according to Bloomberg. During a meeting with Wall Street executives, Treasury Secretary Scott Bessent and Fed Chair Jerome Powell warned attendees to take the model seriously. The Treasury Department's technology team is reportedly trying to get access to Mythos itself to check its own systems for vulnerabilities.