GPT 5.4-Cyber & OpenAI's Trusted Access for Cyber Programme

There is new wind in the arena for AI cyber defence and it is coming from OpenAIās new release ā GPTā5.4āCyber.
Committing US$10m in API credits through its Cybersecurity Grant Program and scaling its Trusted Access for Cyber (TAC) to defenders, OpenAI is strengthening its position amongst cyber defenders.
As AI continues to evolve, OpenAI expects cybersecurity to become increasingly proactive rather than reactive, with intelligent systems playing a central role in detecting and preventing threats before they escalate.
As AI cyber capabilities can power both offence and defence, OpenAI's TAC ensures that access to such powerful tools rests firmly in the hands of the defenders.
TAC already has seen widespread adoption with enterprises such as Bank of America, BlackRock, BNY, Citi, Cisco, Cloudflare, CrowdStrike, Goldman Sachs, iVerify, JPMorgan Chase, Morgan Stanley, NVIDIA, Oracle, Palo Alto Networks, SpecterOps, US Bank and Zscalerā signing up.
The capabilities are also being shared with the US Center for AI Standards and Innovation (CAISI) and the UK AI Security Institute (UK AISI).
GPT-5.4-Cyber built for defensive security
GPT-5.4-Cyber is a model designed specifically for defensive security use cases.
It is tuned to support tasks such as vulnerability discovery, code analysis and incident response, where structured reasoning is critical.
Unlike general purpose models, GPT-5.4-Cyber is intended to operate within security constrained environments. It helps teams trace complex logic chains, analyse software behaviour and identify weaknesses earlier in the development cycle.
The focus is on defensive capability rather than offensive application. By embedding the model into security workflows, OpenAI aims to help organisations reduce exposure before vulnerabilities are exploited.
Industry leaders see this direction as inevitable. Lee Klarich, Chief Technology and Product Officer at Palo Alto Networks writes on his LinkedIn: āThe release of the newest frontier AI models marks a turning point for cybersecurity.
āAs a member of Anthropicās Project Glasswing as well as OpenAIās Trusted Access for Cyber programme, weāve had a front row seat to the incredible advances of these models.
āOur early testing of Anthropicās Claude Mythos Preview model reveals that frontier AI models are extraordinarily capable at finding vulnerabilities and generating corresponding exploits.
āPerhaps more eye opening is their ability to find attack paths through vulnerability chaining and logic-based exposure.
āIn the hands of defenders, this is incredibly valuable, but in the hands of attackers, these new capabilities, however guardrailed, wonāt stay contained. Within months, advanced AI models with deep cybersecurity capabilities will become commonplace.
āWe expect a deluge of vulnerabilities, a rise in Inside-Out Attacks and most significantly, a shift from AI-assisted to AI-driven attacks.ā
Lee notes that organisations to this point which were āmostly protectedā will effectively become unprotected.
This reflects the growing concern that AI is accelerating both sides of the cyber equation, increasing the urgency for defensive adoption.
Trusted Access for Cyber
OpenAI is also scaling its TAC programme, which is a controlled programme that provides vetted cybersecurity professionals with secure access to advanced AI tools for defensive use.
The programme uses identity verification and organisational validation to ensure that only trusted users can access higher capability tools.
This allows security teams to use AI for research, vulnerability analysis and system hardening while maintaining strict safeguards.
āThe top AI labs are building for defenders now,ā notes George Kurtz, CEO of CrowdStrike.
“CrowdStrike continues to lead the market in secure AI adoption, trusted by AI leaders and organisations of all sizes to accelerate the world's AI revolution.
“Thanks Sam Altman and Greg Brockman for your first frontier model purpose-built for defenders.”
His remarks underline the growing collaboration between AI developers and cybersecurity firms as defensive applications become a primary focus of frontier model deployment.
Shift towards AI driven defence
OpenAI’s approach combines specialised models, controlled access and ecosystem support to strengthen cyber defence capabilities.
Alongside GPT-5.4-Cyber and the Trusted Access programme, the company is investing in security research and infrastructure protection efforts.
OpenAI had previously launched Codex Securityā to help defenders identify and fix vulnerabilities at scale.
The company notes: “Since the recent launch, Codex Security has contributed to over 3,000 critical and high fixed vulnerabilities, along with many more lower-severity fixed findings across the ecosystem.”
The direction reflects a broader industry shift towards AI driven defence systems that identify and mitigate vulnerabilities earlier in the software lifecycle.
As models become more capable, the emphasis is moving towards controlled deployment that balances innovation with security oversight.




