OpenAI today announced the broad expansion of its Trusted Access for Cyber (TAC) program, a move that includes the official release of GPT-5.4-Cyber, a specialized artificial intelligence model designed for defensive cybersecurity operations. The announcement, finalized on April 20, 2026, marks a strategic scaling of the company’s security infrastructure, transitioning from a limited pilot phase to a tiered access system serving thousands of verified individual defenders and hundreds of enterprise security teams.
The GPT-5.4-Cyber model is a fine-tuned variant of OpenAI’s flagship GPT-5.4 architecture. Unlike standard large language models that often refuse queries related to software vulnerabilities or exploit analysis due to safety guardrails, GPT-5.4-Cyber is described as "cyber-permissive." This designation means the model has lowered refusal boundaries for legitimate security tasks, enabling verified users to perform advanced defensive workflows. A primary feature of the new model is its capability for binary reverse engineering, which allows security professionals to analyze compiled software for malware and vulnerabilities without requiring access to the original source code.
Access to the model is governed by the TAC program’s new tiered identity verification system. Mira Murati, OpenAI’s Chief Technology Officer, stated that the program is designed to empower defenders by giving broad access to frontier capabilities tailor-made for cybersecurity. Individual researchers must complete a government-issued ID check and automated verification process at a dedicated portal, while enterprise teams are vetted through direct engagement with OpenAI representatives. Higher tiers of verification unlock progressively more powerful model capabilities. OpenAI stated that this approach is intended to democratize access to frontier AI tools for defenders while maintaining rigorous oversight to prevent the technology from being repurposed for offensive or malicious use.
The expansion follows the February 2026 launch of the TAC pilot and the deployment of the Codex Security platform. OpenAI reported that Codex Security has already contributed to identifying and proposing fixes for more than 3,000 critical and high-severity vulnerabilities across various software ecosystems. Additionally, the company’s Codex for Open Source initiative has provided free security scanning to over 1,000 open-source projects. To support the continued growth of the TAC ecosystem, OpenAI previously committed a $10 million cybersecurity grant to fund defensive AI research.
This development follows the recent unveiling of Anthropic’s Project Glasswing and its Mythos model on April 7, 2026. OpenAI officials emphasized that their strategy focuses on scaling cyber defense in lockstep with model capabilities, ensuring that legitimate defenders have a technological advantage over adversarial actors. While GPT-5.4-Cyber offers expanded functionality, it remains subject to limitations regarding Zero-Data Retention (ZDR) for certain third-party integrations to ensure data privacy and security compliance. The company confirmed it is in ongoing discussions with government agencies regarding future access levels for public sector infrastructure protection.