OpenAI Scales Verified Access to GPT-5.4-Cyber for Defenders
OpenAI is expanding Trusted Access for Cyber (TAC) to thousands of verified individuals and hundreds of teams, and releasing GPT-5.4-Cyber, a fine-tuned, more permissive model for defensive tasks such as binary reverse engineering. KYC verification enables this broad access while guarding against misuse.
Principles Enabling Safe, Broad AI Cyber Access
OpenAI's cyber defense strategy rests on three pillars: democratized access, via objective KYC and identity verification rather than arbitrary gatekeeping; iterative deployment, testing models in the real world, refining safeguards against jailbreaks, and calibrating refusals for dual-use cyber tasks; and ecosystem investments, including grants, open-source contributions, and tools such as Codex Security. This approach counters AI-driven threats that were accelerating even before LLMs, as WannaCry showed, by tying access to user trust signals rather than model power alone: general models remain broadly available, while granular controls gate high-risk capabilities.
Cyber risk depends on user intent and verification, not just model capability: broad safeguards coexist with automated trust validation for defenders protecting critical infrastructure. Defenses scale with capabilities. Cyber-specific safety training began in GPT-5.2 and expanded in GPT-5.3-Codex and GPT-5.4 (classified as high cyber risk under the Preparedness Framework), so legitimate defenders get permissive models without waiting for hypothetical capability thresholds.
Achievements: 3,000+ Vulnerabilities Fixed, $10M in Grants
OpenAI's efforts have fixed over 3,000 critical- and high-severity vulnerabilities via Codex Security (launched in private beta six months ago, now a research preview), which automatically monitors codebases, validates issues, and proposes fixes. Codex for Open Source has reached more than 1,000 projects with free scanning. A $10M Cybersecurity Grant Program supports defenders, alongside contributions such as $12.5M to the Linux Foundation for open-source security. Since 2023, programs like the Cybersecurity Grant Program and the Preparedness Framework have prevented misuse while accelerating defensive workflows: models now reason across entire codebases, support vulnerability hunting, and integrate into developer tools for real-time feedback, shifting security left in the software development lifecycle.
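The monitor-validate-fix loop described above can be illustrated with a minimal sketch. Everything here is a hypothetical stand-in, not Codex Security's actual implementation: the `Finding` type, the toy `eval()` check, and the canned fix are illustrative assumptions only.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Finding:
    """A single flagged issue in a monitored codebase (hypothetical schema)."""
    path: str
    description: str
    severity: str                      # e.g. "critical", "high"
    validated: bool = False
    proposed_fix: Optional[str] = None

def scan(codebase: dict) -> list:
    """Step 1 (monitor): flag risky patterns. A real scanner would use
    model-based analysis; this toy version only greps for eval()."""
    findings = []
    for path, source in codebase.items():
        if "eval(" in source:
            findings.append(Finding(path, "eval() on possibly untrusted input", "high"))
    return findings

def triage(findings: list) -> list:
    """Steps 2-3 (validate, propose fix): confirm each finding and attach a
    suggested remediation before surfacing it to maintainers."""
    for f in findings:
        f.validated = True             # stand-in for model-based validation
        f.proposed_fix = "replace eval() with ast.literal_eval()"
    return [f for f in findings if f.validated]
```

For example, scanning a one-file codebase containing `x = eval(user_input)` would yield a single validated high-severity finding with a proposed fix attached.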
These efforts scale defenses alongside advances in agentic coding, refining model refusals for sensitive requests while expanding TAC to reduce safeguard friction on defensive tasks such as security education and vulnerability research.
Accessing GPT-5.4-Cyber and Future Safeguards
TAC now offers tiered access: individuals verify at chatgpt.com/cyber, while enterprises request access through their account representatives. The highest tiers receive GPT-5.4-Cyber, fine-tuned to be more permissive for cyber work: it refuses legitimate tasks less often and adds binary reverse engineering for analyzing malware and vulnerabilities without source code. Access starts limited to vetted vendors and researchers, with restrictions on zero-data-retention deployments for low-visibility uses.
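The tiered scheme above amounts to gating each capability behind a minimum verified trust level. A minimal sketch follows; the tier names, the `CAPABILITY_GATES` mapping, and the capability strings are all illustrative assumptions, not OpenAI's actual access-control system.

```python
from enum import IntEnum

class AccessTier(IntEnum):
    """Hypothetical trust tiers, ordered from least to most verified."""
    UNVERIFIED = 0            # no identity verification
    VERIFIED_INDIVIDUAL = 1   # passed KYC at chatgpt.com/cyber
    VERIFIED_TEAM = 2         # enterprise, vetted via account representative
    VETTED_VENDOR = 3         # security vendor or researcher, highest tier

# Assumed minimum tier per capability (illustrative only).
CAPABILITY_GATES = {
    "general_chat": AccessTier.UNVERIFIED,
    "vuln_research": AccessTier.VERIFIED_INDIVIDUAL,
    "gpt-5.4-cyber": AccessTier.VETTED_VENDOR,
    "binary_reverse_engineering": AccessTier.VETTED_VENDOR,
}

def is_allowed(user_tier: AccessTier, capability: str) -> bool:
    """Grant a capability only if the user's verified tier meets its gate;
    unknown capabilities are denied by default."""
    gate = CAPABILITY_GATES.get(capability)
    return gate is not None and user_tier >= gate
```

Under this sketch, a KYC-verified individual could use vulnerability-research features, while the binary reverse-engineering capability stays reserved for the highest, vetted tier; denying unknown capabilities by default keeps the gate fail-closed.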
Existing TAC users can express interest in upgrades via a form. Current safeguards suffice for broad deployment of today's models; future, more capable models will require expanded defenses, with cyber-tuned variants kept under stricter controls to match rapid capability growth.