In short: OpenAI is releasing GPT-5.4-Cyber, a model fine-tuned for defensive cybersecurity with lowered refusal boundaries and binary reverse engineering capabilities, and scaling its Trusted Access for Cyber programme to thousands of verified defenders. The move comes a week after Anthropic restricted its more powerful Mythos model to just 11 organisations, setting up a philosophical split: OpenAI bets on broad verified access while Anthropic opts for tightly gated deployment.

OpenAI is opening up its most capable cybersecurity model to thousands of vetted defenders, releasing GPT-5.4-Cyber and expanding its Trusted Access for Cyber programme in what amounts to a direct response to Anthropic’s Project Glasswing announcement last week.

GPT-5.4-Cyber is a variant of GPT-5.4 fine-tuned specifically for defensive security work. Its defining feature is a lower refusal boundary: where standard models block sensitive queries about vulnerability research, exploit analysis, or malware behaviour, this version is designed to answer them, provided the user has been verified as a legitimate security professional. The model also introduces binary reverse engineering capabilities, letting analysts examine compiled software for weaknesses without access to source code.

Trusted Access for Cyber, scaled up

The model sits inside OpenAI’s Trusted Access for Cyber (TAC) programme, which the company first launched in February alongside a $10 million cybersecurity grant fund. TAC is an identity-and-trust framework that gates access to more capable models behind verification tiers. Individual users can authenticate at chatgpt.com/cyber. Enterprises can request team-wide access through an OpenAI representative. Security researchers who need the most permissive capabilities can apply for an invite-only tier.

The April update scales the programme from a limited pilot to what OpenAI describes as “thousands of verified individual defenders and hundreds of teams responsible for defending critical software.” The company is adding new tiers, with higher verification levels unlocking more powerful features. Users approved for the top tier gain access to GPT-5.4-Cyber. There is a catch: the highest-tier users may be required to waive Zero-Data Retention, meaning OpenAI retains visibility into how the model is being used.

The approach represents a philosophical shift. Rather than relying primarily on model-level restrictions to prevent misuse, OpenAI is moving towards an access-control model that verifies who is asking before deciding what the model will answer. The company frames this around three principles: democratised access using objective verification criteria, iterative deployment that updates safety systems as risks emerge, and ecosystem resilience through grants and open-source contributions.

The Anthropic context

OpenAI’s timing is impossible to read without reference to Anthropic’s Project Glasswing, announced on 7 April. Anthropic revealed that its Claude Mythos Preview model had autonomously discovered thousands of zero-day vulnerabilities across every major operating system and web browser, including a 27-year-old bug in OpenBSD and a 17-year-old remote code execution flaw in FreeBSD that Mythos identified, exploited, and documented without human intervention.

Anthropic’s response was to restrict access severely: Mythos Preview is available only to 11 organisations, including Apple, Google, Microsoft, AWS, Cisco, CrowdStrike, and JPMorgan Chase, under a $100 million defensive initiative. The model is not publicly available, and Anthropic has said it may never be, given the risk that its exploit-generation capabilities could be misused.

OpenAI is taking the opposite bet. GPT-5.4-Cyber is less capable than Mythos in raw vulnerability discovery, but OpenAI is making it available to a far broader audience. The implicit argument is that restricting powerful security tools to a handful of tech giants leaves the vast majority of organisations, including those defending critical infrastructure, hospitals, municipal governments, and small security firms, without access to the same calibre of defensive technology.

What GPT-5.4-Cyber can do

Beyond lowered refusal boundaries, the model is built for workflows that standard ChatGPT handles poorly or refuses outright. Binary reverse engineering is the headline feature: security analysts can feed compiled executables into the model and receive analysis of potential malware behaviour, embedded vulnerabilities, and structural weaknesses. This is work that traditionally requires specialised tools like IDA Pro or Ghidra and significant manual expertise.

The model also handles dual-use queries, questions about attack techniques, exploit chains, and vulnerability classes, that standard models flag as potentially harmful. OpenAI says earlier GPT versions sometimes refused to answer legitimate defensive queries, creating friction for security professionals who needed the model to reason about adversarial techniques in order to defend against them.

Codex Security, OpenAI’s automated code-scanning tool, complements the model. Since its launch, Codex Security has contributed to more than 3,000 critical and high-severity vulnerability fixes across the open-source ecosystem. It now covers more than 1,000 open-source projects through a free scanning programme.

The dual-use problem

The fundamental tension in cybersecurity AI is that the same capabilities that help defenders also help attackers. A model that can reverse-engineer binaries for defensive analysis can, in principle, be used to find exploitable flaws for offensive purposes. OpenAI’s answer is that verification and monitoring are more effective safeguards than blanket refusal.

The company is betting that KYC-style identity verification, tiered access, and retained usage data will deter misuse more effectively than a model that refuses to discuss exploit techniques, and which sophisticated adversaries can jailbreak anyway. Research published in January found that adaptive prompt injection attacks succeed against even state-of-the-art defences more than 85% of the time, suggesting that refusal-based safety is a losing game.

But the monitoring requirement raises its own questions. Requiring top-tier users to waive Zero-Data Retention means OpenAI will see what security researchers are doing with the model, which vulnerabilities they are investigating, which systems they are probing, and which exploits they are analysing. For security teams working on sensitive or classified infrastructure, that visibility may be a dealbreaker. It also creates a single point of compromise: if OpenAI’s logs are breached, they become a roadmap to unpatched vulnerabilities across the organisations using the programme.

The emerging landscape

Between Anthropic’s restricted Mythos, OpenAI’s verified-access GPT-5.4-Cyber, and Anthropic’s separate $100 million Glasswing fund, the cybersecurity AI market is splitting into two camps. One camp says these models are too dangerous for broad access and must be gated behind invitation-only consortiums. The other says broad access, with verification, is the only way to ensure that defenders are not outgunned by adversaries who face no such constraints.

The EU AI Act, whose most substantive obligations take effect on 2 August 2026, will add another variable. High-risk AI systems, a category likely to encompass security automation tools, will need to demonstrate compliance with requirements around risk management, data governance, transparency, and human oversight. How tiered-access cybersecurity models fit within that framework remains an open question that neither OpenAI nor Anthropic has fully addressed.

For now, the practical reality is that the world’s two most prominent AI companies are racing to equip cybersecurity professionals with models capable of finding and analysing vulnerabilities at a speed and scale that was impossible a year ago. Whether that race produces a safer internet or a more dangerous one depends on how well the guardrails hold.