OpenAI’s new AI model, GPT-5.4-Cyber, is a fine-tuned version of its flagship GPT-5.4 model designed exclusively for defensive cybersecurity work. Its announcement comes one week after competitor Anthropic revealed its own frontier model, Claude Mythos Preview.

GPT-5.4-Cyber is built to handle tasks that standard ChatGPT models often refuse or struggle with, specifically around security analysis and vulnerability research.

What the GPT-5.4-Cyber Model Actually Does

By "lowering the refusal boundary for legitimate cybersecurity work," the model supports complex defensive operations, notably binary reverse engineering. Security teams can now deconstruct compiled software to identify malware and structural weaknesses without access to the source code.

OpenAI describes the model's purpose as: "The progressive use of AI accelerates defenders — those responsible for keeping systems, data, and users safe — enabling them to find and fix problems faster in the digital infrastructure everyone relies on."

This builds on OpenAI's existing Codex Security platform, which launched earlier this year. That tool has already racked up real results, contributing to over 3,000 critical and high-severity vulnerability fixes across the software ecosystem, plus many more lower-severity issues.

What Is Project Glasswing? 7 Things to Know About Anthropic’s New Mythos AI Security Alliance
Anthropic new $100M cybersecurity initiative is built around an unreleased AI model that found thousands of critical security flaws in every major operating system and browser
TechloyDamilare Odedina

How to Get Access to GPT-5.4-Cyber

OpenAI is rolling this out through its Trusted Access for Cyber program, which first launched in February. The company is now expanding access to thousands of verified individual security professionals and hundreds of teams protecting critical software.

There are different tiers based on how much verification you complete.

  • For individual users: Verify your identity at chatgpt.com/cyber to gain reduced friction around safeguards that might block legitimate security work.
  • For enterprises: Request trusted access through your OpenAI representative.
  • For highest-tier access: Security professionals willing to complete additional authentication can request access to GPT-5.4-Cyber itself, though OpenAI emphasizes this will be "a limited, iterative deployment to vetted security vendors, organizations, and researchers."

This model is more permissive, so there are stricter controls on who can use it and how.

OpenAI also notes that access may come with limitations, especially for uses where the company has less visibility into what's happening, like Zero-Data Retention requests.

GPT-5.4-Cyber vs Claude Mythos Preview: What Is the Difference

Anthropic announced Claude Mythos Preview on April 7 as part of Project Glasswing. Unlike GPT-5.4-Cyber, Mythos was not specifically designed for cybersecurity, its capabilities in that area emerged as a byproduct of broader improvements in code, reasoning, and autonomy. The model has already identified thousands of previously unknown zero-day vulnerabilities across every major operating system and web browser, including bugs that had gone undetected for decades.

Anthropic's rollout is more controlled. Project Glasswing launched with 12 named partner organizations, including AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, and has since been extended to over 40 additional organizations that build or maintain critical software infrastructure. Anthropic has no plans to make Mythos Preview generally available yet.

OpenAI is going broader from the start. The company plans to scale access to thousands of individual defenders and hundreds of teams through verified pathways. Fouad Matin, a cyber researcher at OpenAI, explained the philosophy to reporters: "No one should be in the business of picking winners and losers when it comes to cybersecurity."

The approach reflects what OpenAI calls "democratized access", making tools "as widely available as possible while preventing misuse" through identity verification and monitoring rather than limiting access to a small group.

The rollout will still be gradual. OpenAI says onboarding will take time as the company reviews and verifies users. And notably, U.S. government agencies don't currently have access, though OpenAI says it's in ongoing discussions about that.

Claude Mythos Preview Raises Regulatory Concerns Over Vulnerability Exploitation Capability
Researchers say it can autonomously combine multiple weaknesses to penetrate complex systems, raising concerns it could be used to target financial institutions and critical infrastructure.
TechloyOgbonda Chivumnovu