OpenAI has unveiled GPT-5.4-Cyber, a new AI model that may be willing to accept seemingly malicious prompts in the name of cybersecurity. Fortunately, the ChatGPT developer won’t let just anyone play with its less restrictive, more freewheeling AI.
Is Anthropic’s Claude Mythos a big stunt, or a real security threat? What the experts say.
Announced via a blog post on Tuesday, GPT-5.4-Cyber is a variant of OpenAI’s publicly available GPT-5.4 large language model. According to OpenAI, its frontier AI models such as GPT-5.4 have safeguards against clearly malicious use, making them refuse harmful user requests such as stealing credentials or finding vulnerabilities in code. In contrast, the company’s new GPT-5.4-Cyber model is trained to be more lenient, and potentially accept these prompts instead.
Describing GPT-5.4-Cyber as “cyber-permissive,” OpenAI states that this change is to allow the AI to be used for defensive cybersecurity measures, such as helping researchers find vulnerabilities to be addressed.
“We want to empower defenders by giving broad access to frontier capabilities, including models which have been tailor-made for cybersecurity,” wrote OpenAI. “This is a version of GPT‑5.4 which lowers the refusal boundary for legitimate cybersecurity work and enables new capabilities for advanced defensive workflows.”
Given the potential danger posed by GPT-5.4-Cyber’s lowered safeguards, not everyone will be able to immediately dive in to push the AI’s arguably flexible ethical limits even further. OpenAI states that it is starting with “limited, iterative deployment to vetted security vendors, organizations, and researchers.” As such, only members of its Trusted Access for Cyber (TAC) program will be given access to GPT-5.4-Cyber at present, and only those at its highest tiers.
Mashable Light Speed
Introduced in February, TAC is a network of users who have been through OpenAI’s automated identity verification process, including completing a government ID check. Once approved, users in OpenAI’s TAC program are allowed access to versions of its AI models with fewer safeguards, such as GPT‑5.4‑Cyber. OpenAI states that this is intended to enable cybersecurity research, education, and programming.
Not every TAC-approved user will immediately get their hands on GPT-5.4-Cyber, however. OpenAI states that users who aren’t already part of TAC’s higher tiers may request access to it, which will require going through further authentication to verify themselves as “legitimate cyber defenders.”
GPT-5.4-Cyber’s reveal comes just one week after OpenAI competitor Anthropic announced Project Glasswing. Like TAC, Project Glasswing is an initiative that restricts Anthropic’s cybersecurity-focused Claude Mythos Preview AI model to select approved organisations. Claiming that Claude Mythos Preview “has already found thousands of high-severity vulnerabilities,” Anthropic stated that Project Glasswing was an effort to ensure its AI model was used for solely defensive cybersecurity purposes.
“Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely,” Anthropic wrote.
Disclosure: Ziff Davis, Mashable’s parent company, in April 2025 filed a lawsuit against OpenAI, alleging it infringed Ziff Davis copyrights in training and operating its AI systems.
