One week after Anthropic unveiled its Mythos frontier model — deployed in a controlled manner through Project Glasswing — OpenAI has answered with GPT-5.4-Cyber, a variant of GPT-5.4 fine-tuned specifically for defensive cybersecurity use cases.
Alongside the model release, OpenAI announced it is scaling its Trusted Access for Cyber (TAC) program to thousands of authenticated individual defenders and hundreds of teams responsible for securing critical software. Access to GPT-5.4-Cyber is tiered: individuals can verify their identity at chatgpt.com/cyber, while enterprise teams apply through an OpenAI account representative.
"The progressive use of AI accelerates defenders — those responsible for keeping systems, data, and users safe — enabling them to find and fix problems faster in the digital infrastructure everyone relies on," OpenAI said.
Unlike standard GPT-5.4, which applies blanket refusals to many dual-use security queries, GPT-5.4-Cyber is described by OpenAI as "cyber-permissive"—meaning it has a deliberately lower refusal threshold for prompts that serve a legitimate defensive purpose. That includes binary reverse engineering, enabling security professionals to analyze compiled software for potential malware, vulnerabilities, and security robustness without access to the source code.
The model also carries specific restrictions. Use in zero-data-retention environments is limited, given that OpenAI has less visibility into the user, environment, and intent in those configurations — a tradeoff the company frames as a necessary control surface in a tiered-access model.
OpenAI also pointed to progress with Codex Security, its AI-powered application security agent now in research preview, which has helped fix over 3,000 critical and high-severity vulnerabilities across codebases since launch.
The rapid one-two punch of releases from Anthropic and OpenAI has sharpened a debate in the security community — not just about which model is more capable, but about which risk philosophy holds up when capabilities are this powerful.
Ronald Lewis, Head of Cybersecurity Governance at Black Duck, laid out the divergence plainly: OpenAI's TAC approach mirrors how advanced forensic platforms have historically been released — restricted to validated professionals, governed by contractual controls, designed to augment expert judgment. Anthropic, by contrast, placed greater emphasis on model alignment and internal self-restraint over individual-level access controls.
"This represents a deliberate departure from the conventional 'dangerous tool → trusted operator' paradigm," Lewis said, noting that Anthropic's strategy reflects a different theory of risk management — that sufficiently aligned models combined with institutional governance can enable broad, high-capability use without strict individual gatekeeping.
Lewis characterized OpenAI's posture as more conservative: "It treats advanced cyber capabilities as regulated instruments, suitable for controlled deployment within professional workflows, much like forensic and investigative tooling, rather than as broadly accessible general-purpose systems."
Security practitioners will find the sharpest analysis in what several experts say these announcements are failing to address: the widening gap between discovery speed and remediation capacity.
Marcus Fowler, CEO of Darktrace Federal, welcomed the expanded access but cautioned against confusing faster analysis with faster risk reduction. "Some of the greatest challenges in cybersecurity today are not the identification or analysis of weak code," Fowler said. "Most organizations are still constrained by the realities of remediation once an issue is discovered: patch development, testing, deployment, uptime requirements, and resource limitations."
Tim Mackey, Head of Software Supply Chain Risk Strategy at Black Duck, put the distinction bluntly: "Finding bugs is very different from fixing bugs."
Trey Ford, Chief Strategy and Trust Officer at Bugcrowd, was more pointed. The bottleneck, he argued, has never been the model — it's the program architecture that determines which findings get verified, which get triaged, and which actually get fixed before an attacker reverse-engineers the same patch.
"What OpenAI's TAC expansion and Anthropic's Glasswing both tell us is that AI-discovered vulnerabilities are outpacing the coordinated infrastructure built to remediate them. The next generation of security programs won't be judged on which AI model they use to find vulnerabilities — they'll be judged on whether they built the program architecture, researcher coordination, and triage capacity to close the gap between machine-speed discovery and human-speed remediation."
— Trey Ford, Chief Strategy and Trust Officer, Bugcrowd
Ford's bottom line for CISOs: "The question every CISO should be asking isn't which model they can access — it's whether their program was designed to act on what those models find."
Ram Varadarajan, CEO at Acalvio, identified a harder architectural limitation that both releases sidestep. OpenAI's identity-gating is a reasonable control surface, he said, but one that "collapses entirely when the attacker is an agentic AI operating with authenticated credentials inside the perimeter, where identity is neither suspicious nor verifiable."
"The industry is converging on knowing who's in the environment," Varadarajan said. "But the more durable question is whether the environment itself can be made to betray what an attacker — human or AI — actually does when no one's watching. That question — environment as detection surface — may be the one that frontier model vendors are structurally unable to answer."
OpenAI signaled that the TAC expansion is explicitly iterative. The company intends to broaden access to critical infrastructure defenders over time, and acknowledged that today's safeguards are calibrated to current model capabilities — future generations will require more extensive defensive architectures.
Notably, GPT-5.4-Cyber is not currently available to U.S. government agencies, though OpenAI told reporters it is in ongoing discussions and will evaluate access through internal governance and safety review processes.
Whether the AI-for-defense race ultimately benefits practitioners will depend less on which company's release philosophy wins out and more on whether the security organizations receiving these tools have the program infrastructure to act on what the models find.
Follow SecureWorld for more cybersecurity news.