OpenAI releases GPT-5.4-Cyber, a cybersecurity-focused model limited to verified security professionals

OpenAI has released GPT-5.4-Cyber, a fine-tuned variant of GPT-5.4 built for defensive cybersecurity work including binary reverse engineering. Access is initially restricted to a few hundred verified security professionals.

Access restrictions and rollout

The model is being distributed through OpenAI's "Trusted Access for Cyber" (TAC) program. A few hundred users have initial access, with OpenAI planning to expand to thousands of verified individuals and hundreds of teams over the coming weeks.

According to OpenAI, GPT-5.4-Cyber is less restrictive than standard models when performing defensive security tasks. The company specifically highlights binary reverse engineering — analyzing compiled software without source code access — as a key capability.

Because of the model's more permissive nature, OpenAI has implemented tighter access controls. Access through third-party platforms or under zero-data-retention agreements may be restricted.

Direct competition with Anthropic

The release comes one week after Anthropic unveiled Claude Mythos, an AI model specialized in finding and exploiting vulnerabilities in operating systems and browsers. Like GPT-5.4-Cyber, Mythos is only available to a restricted user group.

According to Bloomberg, Mythos has already raised concerns among financial firms and U.S. government agencies. Treasury Secretary Scott Bessent and Fed Chair Jerome Powell reportedly warned Wall Street executives to take the model seriously during a meeting. The Treasury Department's technology team is attempting to obtain access to Mythos to check its own systems for vulnerabilities.

Broader cybersecurity push

Beyond the new model, OpenAI points to its existing Codex Security tool, which automatically identifies vulnerabilities in codebases and suggests fixes. The company claims the system has helped patch more than 3,000 critical vulnerabilities since launch.

OpenAI is allocating $10 million to its Cybersecurity Grant Program and reports reaching over 1,000 open-source projects with free security scanning.

What this means

The near-simultaneous releases of GPT-5.4-Cyber and Claude Mythos signal a new competitive front in AI development: specialized models for security work. The restricted access approach reflects industry awareness that these capabilities could be weaponized if widely available. The Treasury Department's scramble to access Mythos for defensive purposes shows how quickly government agencies are moving to assess AI-powered security tools — both as threats and potential defenses.