A week after Anthropic restricted access to its powerful Claude Mythos model, OpenAI has unveiled GPT-5.4-Cyber with similar limitations, signaling a new front in the AI arms race where security concerns dictate who gets access.
OpenAI announced Tuesday that GPT-5.4-Cyber will be available only to "the highest tiers" of its Trusted Access for Cyber program, reaching a few hundred users initially before expanding to thousands in coming weeks. The model lowers refusal boundaries for legitimate cybersecurity work, allowing researchers to probe systems without encountering as many safeguards that block sensitive security requests.
Anthropic offered its Claude Mythos Preview to just 40 major tech players last week through Project Glasswing, an initiative that OpenAI cyber researcher Fouad Matin criticized as "picking winners and losers." Both companies face the same dilemma: their models can identify critical vulnerabilities in operating systems and web browsers by uncovering flaws in widely-used software, but those same capabilities could be exploited by attackers.
GPT-5.4-Cyber includes features like binary reverse engineering that allow analysis of compiled software for malware and vulnerabilities without needing original source code. Described as "cyber-permissive," the variant of OpenAI's publicly available GPT-5.4 large language model enables advanced defensive workflows while maintaining fewer limitations than general models.
The banking sector expressed particular concern about Mythos's ability to find and exploit vulnerabilities in almost any website or browser, prompting major American bank chiefs to meet with US Treasury Secretary Scott Bessent and Federal Reserve Chairman Jerome Powell last week. OpenAI's approach aims to democratize access through objective criteria rather than selecting specific organizations.
"We want to empower defenders by giving broad access to frontier capabilities, including models which have been tailor-made for cybersecurity,"
OpenAI stated in a blog post announcing GPT-5.4-Cyber. The company emphasized starting with "limited, iterative deployment to vetted security vendors, organizations, and researchers" through its TAC program.
OpenAI also plans to build ecosystem resilience by supporting the broader community through grants, including a $10 million program and open-source initiatives like Codex Security. Users not already part of TAC's higher tiers may request access but must undergo further authentication to verify themselves as legitimate cyber defenders.
The rapid succession of launches, Anthropic's Mythos last week followed by OpenAI's Cyber this week, reinforces warnings from Anthropic co-founders that other powerful hacking AIs were coming soon. Cybersecurity is becoming an AI-driven domain where models compete both to find security flaws and fix them.
