OpenAI is expanding its Trusted Access for Cyber program from a limited pilot to include thousands of verified individual defenders and hundreds of teams tasked with protecting critical software. This expansion also introduces higher access tiers linked to authentication. The centerpiece of this initiative is GPT-5.4-Cyber, a fine-tuned variant of GPT-5.4 designed specifically for defensive cybersecurity work, featuring fewer capability restrictions. This model reduces refusal boundaries for legitimate security tasks and supports advanced workflows such as binary reverse engineering, enabling analysts to inspect compiled software for malware potential, vulnerabilities, and overall security robustness, even without source code. Individual defenders can apply through ChatGPT, while enterprise access is managed through OpenAI sales channels. The most permissive tier is initially available to vetted security vendors, organizations, and researchers.
For years, we’ve been building our cyber defense program on the principles of democratized access, iterative deployment, and ecosystem resilience.
— OpenAI (@OpenAI) April 14, 2026
As model capabilities advance, our approach is to scale cyber defense in lockstep: broadening access for legitimate defenders while…
This initiative builds on a broader OpenAI effort that began in 2023 with its Cybersecurity Grant Program and gained momentum in February with the launch of Trusted Access for Cyber alongside GPT-5.3-Codex. At that time, OpenAI characterized cyber work as a dual-use domain and established identity- and trust-based access to facilitate legitimate defenders while maintaining restrictions on malicious use. In March, OpenAI introduced Codex Security, an application security agent that maps project context, validates suspected issues in sandboxed environments, and proposes patches. According to OpenAI, this system scanned more than 1.2 million commits in its beta cohort, identified hundreds of critical issues and over ten thousand high-severity findings, and has since contributed to the resolution of more than 3,000 critical and high vulnerabilities across the ecosystem.
The target audience for this program is not general consumers. OpenAI is focusing on security researchers, defensive engineering teams, educators, responsible vulnerability researchers, open-source defenders, and enterprises safeguarding production systems and critical infrastructure. OpenAI emphasizes that access will remain more restricted in low-visibility environments, particularly zero-data-retention setups and third-party platforms where it has less insight into who is using the model and for what purpose. The company’s broader stance is that future models will continue to improve in cyber tasks, necessitating that defensive access, verification, monitoring, and deployment controls scale in parallel rather than waiting for a later threshold.
