GPT 5.4-Cyber & OpenAI's Trusted Access for Cyber Programme

There is new wind in the arena for AI cyber defence and it is coming from OpenAI’s new release – GPT‑5.4‑Cyber. 

Committing US$10m in API credits through its Cybersecurity Grant Program and scaling its Trusted Access for Cyber (TAC) to defenders, OpenAI is strengthening its position amongst cyber defenders. 

As AI continues to evolve, OpenAI expects cybersecurity to become increasingly proactive rather than reactive, with intelligent systems playing a central role in detecting and preventing threats before they escalate. 

As AI cyber capabilities can power both offence and defence, OpenAI's TAC ensures that access to such powerful tools rests firmly in the hands of the defenders. 

TAC already has seen widespread adoption with enterprises such as Bank of America, BlackRock, BNY, Citi, Cisco, Cloudflare, CrowdStrike, Goldman Sachs, iVerify, JPMorgan Chase, Morgan Stanley, NVIDIA, Oracle, Palo Alto Networks, SpecterOps, US Bank and Zscaler⁠ signing up. 

The capabilities are also being shared with the US Center for AI Standards and Innovation (CAISI) and the UK AI Security Institute (UK AISI).

GPT-5.4-Cyber built for defensive security

GPT-5.4-Cyber is a model designed specifically for defensive security use cases. 

It is tuned to support tasks such as vulnerability discovery, code analysis and incident response, where structured reasoning is critical.

Unlike general purpose models, GPT-5.4-Cyber is intended to operate within security constrained environments. It helps teams trace complex logic chains, analyse software behaviour and identify weaknesses earlier in the development cycle.

The focus is on defensive capability rather than offensive application. By embedding the model into security workflows, OpenAI aims to help organisations reduce exposure before vulnerabilities are exploited.

Industry leaders see this direction as inevitable. Lee Klarich, Chief Technology and Product Officer at Palo Alto Networks writes on his LinkedIn: “The release of the newest frontier AI models marks a turning point for cybersecurity.

“As a member of Anthropic’s Project Glasswing as well as OpenAI’s Trusted Access for Cyber programme, we’ve had a front row seat to the incredible advances of these models.

“Our early testing of Anthropic’s Claude Mythos Preview model reveals that frontier AI models are extraordinarily capable at finding vulnerabilities and generating corresponding exploits. 

“Perhaps more eye opening is their ability to find attack paths through vulnerability chaining and logic-based exposure.

“In the hands of defenders, this is incredibly valuable, but in the hands of attackers, these new capabilities, however guardrailed, won’t stay contained. Within months, advanced AI models with deep cybersecurity capabilities will become commonplace.

“We expect a deluge of vulnerabilities, a rise in Inside-Out Attacks and most significantly, a shift from AI-assisted to AI-driven attacks.”

Lee notes that organisations to this point which were “mostly protected” will effectively become unprotected.

This reflects the growing concern that AI is accelerating both sides of the cyber equation, increasing the urgency for defensive adoption.

Trusted Access for Cyber 

OpenAI is also scaling its TAC programme, which is a controlled programme that provides vetted cybersecurity professionals with secure access to advanced AI tools for defensive use. 

The programme uses identity verification and organisational validation to ensure that only trusted users can access higher capability tools. 

This allows security teams to use AI for research, vulnerability analysis and system hardening while maintaining strict safeguards.

“The top AI labs are building for defenders now,” notes George Kurtz, CEO of CrowdStrike.

“CrowdStrike continues to lead the market in secure AI adoption, trusted by AI leaders and organisations of all sizes to accelerate the world's AI revolution.

“Thanks Sam Altman and Greg Brockman for your first frontier model purpose-built for defenders.”

His remarks underline the growing collaboration between AI developers and cybersecurity firms as defensive applications become a primary focus of frontier model deployment.

Shift towards AI driven defence

OpenAI’s approach combines specialised models, controlled access and ecosystem support to strengthen cyber defence capabilities. 

Alongside GPT-5.4-Cyber and the Trusted Access programme, the company is investing in security research and infrastructure protection efforts.

OpenAI had previously launched Codex Security⁠ to help defenders identify and fix vulnerabilities at scale.

The company notes: “Since the recent launch, Codex Security has contributed to over 3,000 critical and high fixed vulnerabilities, along with many more lower-severity fixed findings across the ecosystem.”

The direction reflects a broader industry shift towards AI driven defence systems that identify and mitigate vulnerabilities earlier in the software lifecycle.

 As models become more capable, the emphasis is moving towards controlled deployment that balances innovation with security oversight.