OpenAI has introduced GPT-5.4-Cyber, a variant of its GPT-5.4 large language model with reduced content restrictions designed to support defensive cybersecurity research, available initially only to approved members of its Trusted Access for Cyber programme.
The model was announced via an OpenAI blog post and is described by the company as “cyber-permissive.” Where standard frontier models such as GPT-5.4 are configured to refuse requests related to credential theft, vulnerability discovery, and other potentially harmful actions, GPT-5.4-Cyber is trained to accept a broader range of cybersecurity-related prompts in order to support legitimate defensive use cases.
GPT-5.4-Cyber vs Claude Mythos Preview
| GPT-5.4-Cyber | Claude Mythos Preview | |
|---|---|---|
| Developer | OpenAI | Anthropic |
| Base model | GPT-5.4 | Claude Mythos |
| Access programme | Trusted Access for Cyber (TAC) | Project Glasswing |
| Access type | Limited — vetted organisations and researchers | Limited — approved organisations only |
| Verification required | Government ID check + additional authentication | Organisation-level vetting |
| Introduced | April 2026 | April 2026 |
| Primary purpose | Defensive cybersecurity research, vulnerability discovery, education | Defensive cybersecurity research, vulnerability discovery |
| Content restrictions | Reduced — cyber-permissive | Reduced — defensive use only |
| Public availability | No | No |
| Confirmed capabilities | Accepts cybersecurity prompts refused by standard GPT-5.4 | Reported to have identified thousands of high-severity vulnerabilities |
Access and eligibility
Access to GPT-5.4-Cyber is not publicly available. OpenAI has restricted the model to vetted members of its Trusted Access for Cyber programme, specifically those at its highest tiers. TAC, introduced in February, requires applicants to complete an automated identity verification process that includes a government ID check. Users not currently enrolled in TAC’s higher tiers may apply for access, subject to additional authentication to confirm their status as legitimate cybersecurity professionals.
OpenAI has stated that the initial deployment is limited to vetted security vendors, organisations, and researchers, with the intention of expanding access incrementally.
Intended use cases
OpenAI has positioned GPT-5.4-Cyber as a tool for defensive cybersecurity workflows, including vulnerability identification, security research, education, and programming. The company stated that the model is intended to empower security professionals with frontier AI capabilities tailored specifically to their field, while maintaining oversight through the TAC access framework.
Industry context
The release follows a similar move by Anthropic, which announced Project Glasswing one week prior. Project Glasswing restricts access to Claude Mythos Preview, Anthropic’s cybersecurity-focused AI model, to a select group of approved organisations. Anthropic has stated that Claude Mythos Preview has already identified thousands of high-severity vulnerabilities and that the project is designed to ensure the model is used exclusively for defensive purposes.
Both OpenAI and Anthropic have acknowledged the risk of advanced cybersecurity AI capabilities becoming more widely accessible over time. Anthropic noted in its announcement that the rate of AI progress means such capabilities could eventually reach actors who are not committed to deploying them responsibly, underscoring the rationale behind restricted access programmes.
For cybersecurity professionals and organisations across the Middle East, both TAC and Project Glasswing represent potential pathways to access frontier AI tools for security research, subject to meeting the respective verification requirements of each programme.
Also Read: Google Gemini Personal Intelligence is now rolling out globally
