The new AI model focused on cybersecurity is less resistant to potentially malicious actions, such as identifying security vulnerabilities.
OpenAI has introduced GPT-5.4-Cyber, a new AI model that may accept seemingly malicious prompts for cybersecurity purposes. However, the ChatGPT developer will not allow unrestricted access to its more lenient AI.
Announced in a blog post on Tuesday, GPT-5.4-Cyber is a variant of OpenAI’s public GPT-5.4 large language model. OpenAI’s frontier models like GPT-5.4 have safeguards to prevent malicious use, such as stealing credentials or finding code vulnerabilities. In contrast, GPT-5.4-Cyber is trained to be more accommodating and might accept these prompts instead.
OpenAI describes GPT-5.4-Cyber as “cyber-permissive,” allowing its use for defensive measures like aiding researchers in finding vulnerabilities.
“We want to empower defenders with frontier capabilities, including cybersecurity-specific models,” OpenAI stated. “This version of GPT‑5.4 reduces refusal boundaries for legitimate work and enables advanced defensive workflows.”
Due to potential risks, not everyone can immediately access GPT-5.4-Cyber’s relaxed safeguards. OpenAI begins with “limited, iterative deployment to vetted security vendors, organizations, and researchers.” Only members of its Trusted Access for Cyber (TAC) program at the highest tiers currently have access.
Introduced in February, TAC is a network for users who complete OpenAI’s automated identity verification, including a government ID check. Approved TAC users can access AI models with fewer safeguards for research, education, and programming.
Not all TAC-approved users can access GPT-5.4-Cyber instantly. Those outside TAC’s higher tiers may request access, requiring further authentication to verify them as “legitimate cyber defenders.”
GPT-5.4-Cyber’s release follows OpenAI competitor Anthropic’s announcement of Project Glasswing. Like TAC, Project Glasswing limits access to Claude Mythos Preview, Anthropic’s cybersecurity AI model, to selected organizations, aiming to ensure defensive cybersecurity use.
“AI capabilities will soon proliferate, potentially beyond safe deployment,” Anthropic warned.