OpenAI on Tuesday unveiled GPT-5.4-Cyber, a variant of its latest flagship model, GPT‑5.4, that’s specifically optimized for defensive cybersecurity use cases, days after rival Anthropic unveiled its own frontier model, Mythos.
“The progressive use of AI accelerates defenders – those responsible for keeping systems, data, and users safe – enabling them to find and fix problems faster in the digital infrastructure everyone relies on,” OpenAI said.
In conjunction with the announcement, the artificial intelligence (AI) company said it’s ramping up its Trusted Access for Cyber (TAC) program to thousands of authenticated individual defenders and hundreds of teams responsible for securing critical software.
AI systems are inherently dual-use, as bad actors can repurpose technologies developed for legitimate applications to their own advantage and achieve malicious goals. One core area of concern is that adversaries could invert the models fine-tuned for software defense to detect and exploit vulnerabilities in widely-used software before they can be patched, exposing users to significant risks.
OpenAI said the goal is to democratize access to its models while minimizing such misuse, as well as strengthening its safeguards through a deliberate, iterative rollout. The idea is to enable responsible use at scale, give defenders a head start, and simultaneously shore up guardrails against jailbreaks and adversarial prompt injections as model capabilities become more advanced.
“As model capabilities advance, our approach is to scale cyber defense in lockstep: broadening access for legitimate defenders while continuing to strengthen safeguards,” the company added.
The ChatGPT maker, which launched Codex Security as a way to find, validate, and propose fixes for vulnerabilities, revealed that the AI-powered application security agent has contributed to over 3,000 critical and high fixed vulnerabilities.
OpenAI’s limited release follows the preview of Anthropic’s Mythos, a frontier model that’s being deployed in a controlled manner as part of Project Glasswing. The model, the company said, found “thousands” of vulnerabilities in operating systems, web browsers, and other software.
“The strongest ecosystem is one that continuously identifies, validates, and fixes security issues as software is written,” OpenAI said. “By integrating advanced coding models and agentic capabilities into developer workflows, we can give developers immediate, actionable feedback while they are building, shifting security from episodic audits and static bug inventories to ongoing, tangible risk reduction.”
