OpenAI Launches GPT-5.4-Cyber for Advanced Reverse Engineering

OpenAI is expanding its cybersecurity efforts today with the release of GPT-5.4-Cyber. This new version of its flagship model is specifically fine-tuned for defensive work, allowing verified users to analyze software and identify vulnerabilities with fewer safety refusals on legitimate security tasks.



The rollout is part of a broader expansion of the Trusted Access for Cyber (TAC) program, which OpenAI is now scaling to thousands of verified individuals and hundreds of teams responsible for defending critical systems. The big change here is that GPT-5.4-Cyber is designed to be "cyber-permissive." While standard AI models may decline requests to analyze code for potential exploits, this variant lowers those refusal boundaries for legitimate professionals. It also introduces advanced binary reverse engineering capabilities, meaning security teams can analyze compiled software for malware or vulnerabilities even without access to the original source code.


This release builds on the foundation laid by GPT-5.4 and its one-million-token context window. OpenAI says the goal is to help defenders keep pace with attackers who are already using AI to find new ways into systems. The company notes that cyber risk is already accelerating, with both defenders and threat actors using AI to improve their capabilities. Recent incidents, such as the public leak of the DarkSword exploit kit, which has been used to target iPhones through malicious websites, highlight how quickly these threats can spread.

OpenAI isn't opening this to everyone. Individual users have to verify their identity through a new portal at chatgpt.com/cyber, while enterprises can request access through their account representatives. This tiered approach is meant to keep these more permissive tools in the hands of verified defenders. Approved users get versions of current models with less friction, while those in higher tiers can request access to GPT-5.4-Cyber.

The move fits into a larger industry shift where AI is becoming part of the security workflow. Apple has also moved in this direction, adding agentic coding support to Xcode 26.3, and recently joining Anthropic's Project Glasswing initiative to help identify critical vulnerabilities. OpenAI says its Codex Security tool has already contributed to fixing over 3,000 critical and high-severity vulnerabilities.

Looking ahead, OpenAI says it will continue scaling these defenses alongside its model capabilities. The company maintains that the most effective approach is to help developers identify and fix vulnerabilities as software is being written, rather than after a breach.