OpenAI has released GPT-5.4-Cyber, a fine-tuned model for defensive cybersecurity with lowered refusal boundaries and binary reverse engineering capabilities. It sits within the expanded Trusted Access for Cyber (TAC) programme, now scaling to thousands of verified defenders and hundreds of teams. The move directly contrasts with Anthropic's approach: Anthropic restricted its more powerful Mythos model (capable of autonomously discovering zero-days) to just 11 major organizations under a $100M initiative, while OpenAI bets on broad verified access via KYC-style identity checks and tiered permissions. A key trade-off is that top-tier users must waive Zero-Data Retention, giving OpenAI visibility into sensitive security research. The debate centers on whether broad verified access or tight gatekeeping better protects against misuse of dual-use AI security capabilities.
Table of contents
Trusted Access for Cyber, scaled upThe Anthropic contextWhat GPT-5.4-Cyber can doThe dual-use problemThe emerging landscapeSort: