OpenAI ramps up cyber defense with GPT-5.4-Cyber, directly challenging Anthropic

Just one week after Anthropic’s move into cybersecurity, OpenAI unveils GPT-5.4-Cyber, a model restricted to verified users. Behind the announcement lies a clear strategy: positioning AI as a core building block of software defense.

The response was swift. Days after Anthropic introduced Claude Mythos, OpenAI rolled out GPT-5.4-Cyber, a version of its model tailored for defensive cybersecurity use cases. Access is currently limited to a select group of professionals and organizations vetted through the Trusted Access for Cyber (TAC) program.

Unlike standard versions, this model is intentionally more “permissive” when handling security-related queries. The goal is to remove friction that previously hindered legitimate use cases, particularly in code analysis and vulnerability detection. Among the highlighted capabilities is binary reverse engineering, enabling the inspection of compiled software without access to source code.

With this approach, OpenAI openly acknowledges the dual-use nature of such technologies. The company is betting on an access model based on user verification and trust signals, rather than broad restrictions. This aligns with Anthropic’s positioning, though OpenAI adopts a more open and scalable approach.

Beyond the product itself, the move is strategic. By embedding its models directly into development and security workflows, OpenAI aims to establish itself as a key player in cyber defense. Its Codex Security tool, already tested upstream, is said to have helped fix thousands of vulnerabilities, illustrating a shift toward automated security.

This development underscores the intensifying competition between AI labs in the cybersecurity space. More than just another application area, cybersecurity is becoming a testing ground for models capable of analyzing, detecting, and fixing issues at scale—while continuing to raise questions around control and governance.