OpenAI officially launched the expanded phase of its Trusted Access for Cyber (TAC) program on April 20, 2026, granting select organizations and researchers access to its specialized GPT-5.4-Cyber model. This model is a variant of the company’s flagship GPT-5.4 architecture, specifically fine-tuned for defensive cybersecurity tasks. According to official statements, GPT-5.4-Cyber is "cyber-permissive," featuring lowered refusal boundaries that allow verified professionals to conduct legitimate security research, such as identifying software vulnerabilities and analyzing malware, without the restrictions typically applied to general-purpose models.

A core technical advancement in GPT-5.4-Cyber is its capacity for binary reverse engineering. This functionality enables security teams to analyze compiled software for potential exploits and security robustness without needing the original source code. OpenAI stated that this capability is intended to help defenders find and fix problems in digital infrastructure more rapidly. The TAC program is now scaling to support thousands of verified individual defenders and hundreds of enterprise teams tasked with protecting critical software systems.

The program has secured participation from a broad range of major financial institutions and technology companies. Confirmed participants include BNY, Bank of America, BlackRock, Citi, Goldman Sachs, JPMorgan Chase, and Morgan Stanley. Leigh-Ann Russell, Chief Information Officer at BNY, noted that the firm’s participation reflects a commitment to protecting financial system resilience as AI capabilities accelerate. On the technology side, partners include Cisco, Cloudflare, CrowdStrike, NVIDIA, Oracle, Palo Alto Networks, and Zscaler. Furthermore, OpenAI has granted access to the U.S. Center for AI Standards and Innovation (CAISI) and the UK AI Security Institute to facilitate independent testing and third-party oversight.

In conjunction with the expansion, OpenAI announced a $10 million commitment in API credits through its Cybersecurity Grant Program. This initiative is designed to provide frontier AI access to under-resourced defenders and open-source security communities. Initial grant recipients include Socket, Semgrep, Calif, and Trail of Bits. OpenAI noted that the goal is to ensure that smaller teams and open-source maintainers have the same defensive tools as large enterprises to address critical vulnerabilities.

Access to the most advanced tiers of the program, including GPT-5.4-Cyber, requires a rigorous identity verification process. This includes automated government ID checks and a tiered trust model where access levels are determined by the strength of verification and the clarity of user intent. OpenAI emphasized that this structure is designed to maintain accountability while democratizing access to powerful defensive tools. The expansion follows the recent launch of competitor Anthropic’s Project Glasswing. OpenAI also reported that its existing Codex Security tool has already contributed to fixing more than 3,000 critical and high-severity vulnerabilities across the software ecosystem.