OpenAI has unveiled GPT-5.4-Cyber, a new AI model variant that can accept seemingly malicious prompts in the name of cybersecurity. Unlike the company's standard frontier models, which enforce strict safeguards against harmful requests, GPT-5.4-Cyber is trained to be more lenient, but only for verified defenders.
Announced on April 21, GPT-5.4-Cyber is a variant of OpenAI's publicly available GPT-5.4 large language model. According to OpenAI, its standard frontier AI models have safeguards against clearly malicious use, refusing harmful user requests such as those to steal credentials or find exploitable vulnerabilities in code. In contrast, the new GPT-5.4-Cyber model is trained to be more permissive.
“We’re empowering defenders by giving broad access to frontier capabilities, including models which have been tailor-made for cybersecurity,” OpenAI stated. “This is a version of GPT-5.4 which lowers the refusal boundary for legitimate cybersecurity work and enables new capabilities for advanced defensive workflows.”
Limited Deployment Following Anthropic’s Lead
GPT-5.4-Cyber’s reveal comes just one week after competitor Anthropic announced Project Glasswing — an initiative restricting its cybersecurity-focused Claude Mythos Preview AI model to select approved organizations. Anthropic stated that Claude Mythos Preview “has already found thousands of high-severity vulnerabilities” and that Project Glasswing was designed to ensure the AI model was used solely for defensive cybersecurity purposes.
Given the potential danger posed by GPT-5.4-Cyber’s lowered safeguards, access is extremely restricted. OpenAI states it is starting with “limited, iterative deployment to vetted security vendors, organizations, and researchers.” Only members of its Trusted Access for Cyber (TAC) program at the highest tiers will receive access at present.
The TAC program, introduced in February 2026, is a network of users who have completed OpenAI’s automated identity verification process, including a government ID check. Once approved, users can access versions of AI models with fewer safeguards. Even among TAC-approved users, those not at higher tiers must request additional access and undergo further authentication to verify themselves as “legitimate cyber defenders.”
The Cybersecurity Model Arms Race
This release marks a significant escalation in the cybersecurity-focused AI competition between major AI labs. Both OpenAI and Anthropic are taking extremely cautious approaches to deploying models with reduced safety restrictions, limiting them to vetted organizations rather than making them publicly available.
“Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely,” Anthropic wrote when announcing Project Glasswing.
For enterprise security teams, this development signals a new category of AI tools specifically designed for defensive security work. However, the limited availability means most organizations will need to wait — or partner with approved TAC members — to access these capabilities.