OpenAI releases GPT-5.4-Cyber with tiered access verification system for cybersecurity work

OpenAI released GPT-5.4-Cyber, a model variant designed to assist with defensive cybersecurity tasks while implementing tiered access controls. The release marks a strategic shift toward verifying users rather than restricting model capabilities.

The company plans to expand access to thousands of individuals and hundreds of security teams through its Trusted Access for Cyber program, according to an OpenAI blog post. Users must complete verification checks to access higher capability tiers.

Tiered access structure

GPT-5.4-Cyber is available exclusively to users approved for the highest verification tier. According to OpenAI, the model has fewer restrictions on sensitive cybersecurity tasks including vulnerability research and analysis.

The model was developed to reduce "unnecessary friction" after security partners reported that earlier GPT models sometimes refused to answer dual-use cyber queries. Initial access is limited to vetted security vendors, organizations, and researchers, with broader availability planned over time.

OpenAI is not currently offering GPT-5.4-Cyber access to U.S. government agencies but is in ongoing discussions, according to company representatives.

Contrasting approaches to cyber AI

OpenAI's rollout differs significantly from Anthropic's approach with Mythos Preview, which is restricted to approximately 40 organizations. Anthropic warned that Mythos was too dangerous to release widely due to its capability in finding and exploiting security flaws.

"This is a team sport, we need to make sure that every single team is empowered to secure their systems," Fouad Matin, a cyber researcher at OpenAI, told reporters. "No one should be in the business of picking winners and losers when it comes to cybersecurity."

OpenAI's strategy focuses on making tools "as widely available as possible while preventing misuse" through identity verification and monitoring systems.

Technical requirements and limitations

Running models with these capabilities requires significant computing power, which may limit practical adoption. Pricing details for GPT-5.4-Cyber were not disclosed.

The onboarding process is expected to take time as OpenAI reviews and verifies users. The company acknowledged the rollout will be gradual.

Industry concerns

Some security experts argue that many vulnerabilities identified by AI tools are not necessarily novel or easily exploitable. However, the speed at which these models are finding security flaws and their rapid advancement rate is concerning government officials and global business leaders, according to reports from CNBC and Bloomberg.

What this means

OpenAI is betting that wide distribution to verified defenders is a better cybersecurity strategy than highly restricted access. The tiered verification approach attempts to balance broad availability for legitimate security work against misuse risks. Whether this model succeeds depends on OpenAI's ability to maintain effective verification systems at scale and prevent malicious actors from gaining access. The computing costs may also limit adoption among smaller security teams who lack infrastructure budgets.