GPT 5.4-Cyber: What is OpenAI's Trusted Access for Cyber?

OpenAI has launched GPT-5.4-Cyber – a specialised model built specifically for defensive security operations.

Offering US$10m commitment through its Cybersecurity Grant Program and expanding its Trusted Access for Cyber (TAC) programme – which provides vetted security professionals with controlled access to advanced AI capabilities designed exclusively for defensive use – OpenAI is solidifying its position among the leaders in AI cyber defence. 

The move represents a significant development for cybersecurity practitioners as AI-powered tools become increasingly central to threat detection and vulnerability management.

TAC comes at a time when security teams are grappling with the dual-edged nature of AI in cybersecurity. While these tools offer powerful defensive capabilities, the same technologies could potentially be leveraged by threat actors.

OpenAI's approach attempts to address this challenge by ensuring access to its most capable models remains firmly in the hands of defenders through verification and organisational validation processes.

Major enterprises adopt defensive AI tools

The Trusted Access for Cyber programme has already been adopted by major financial institutions and technology companies including Bank of America, BlackRock, BNY, Citi, Cisco, Cloudflare, CrowdStrike, Goldman Sachs, iVerify, JPMorgan Chase, Morgan Stanley, NVIDIA, Oracle, Palo Alto Networks, SpecterOps, US Bank and Zscaler.

These organisations are using the platform to enhance their security operations and vulnerability management capabilities.

The capabilities are also being shared with government bodies including the US Center for AI Standards and Innovation and the UK AI Security Institute, reflecting the strategic importance of these tools at a national security level.

For security practitioners, GPT-5.4-Cyber is designed to integrate into existing workflows rather than replace them.

The model supports tasks such as vulnerability discovery, code analysis and incident response, where structured reasoning and complex logic chains are essential.

Unlike general purpose models, it is tuned to operate within security-constrained environments, helping teams identify weaknesses earlier in the development cycle.

Threat landscape demands proactive defence

Lee Klarich, Chief Technology and Product Officer at Palo Alto Networks notes: "The release of the newest frontier AI models marks a turning point for cybersecurity," he says.

"Our early testing of Anthropic's Claude Mythos Preview model reveals that frontier AI models are extraordinarily capable at finding vulnerabilities and generating corresponding exploits. Perhaps more eye opening is their ability to find attack paths through vulnerability chaining and logic-based exposure."

Lee warns that while these capabilities are valuable in the hands of defenders, the same techniques will not remain exclusive. "Within months, advanced AI models with deep cybersecurity capabilities will become commonplace," he notes.

"We expect a deluge of vulnerabilities, a rise in Inside-Out Attacks and most significantly, a shift from AI-assisted to AI-driven attacks."

His assessment suggests that organisations which have relied on traditional defences could find themselves increasingly exposed as threat actors adopt AI-driven attack methodologies. This creates an imperative for security teams to adopt defensive AI capabilities at pace.

The expanded Trusted Access for Cyber programme uses identity verification and organisational validation to ensure only vetted cybersecurity professionals can access higher capability tools.

This allows security teams to conduct research, perform vulnerability analysis and strengthen system hardening while maintaining strict safeguards against misuse.

George Kurtz, CEO of CrowdStrike, emphasises the collaborative nature of these developments. "The top AI labs are building for defenders now," he says.

Emphasising CrowdStrike's selection in the programme, George notes: "CrowdStrike continues to lead the market in secure AI adoption, trusted by AI leaders and organisations of all sizes to accelerate the world's AI revolution.

"Thanks Sam Altman and Greg Brockman for your first frontier model purpose-built for defenders."

Sam Altman is the CEO of OpenAI and Greg Brockman is the President of OpenAI.

OpenAI had previously launched Codex Security to help defenders identify and fix vulnerabilities at scale.

According to the company, since its recent launch, Codex Security has contributed to over 3,000 critical and high fixed vulnerabilities, along with many more lower-severity fixed findings across the ecosystem.

As models become more capable, the emphasis is on controlled deployment that balances operational capability with security oversight.