GPT-5.4-Cyber - OpenAI's Defensive Security Fine-Tune
OpenAI's GPT-5.4-Cyber is a cyber-permissive fine-tune of GPT-5.4 Thinking with binary reverse engineering, 88.23% on professional CTFs, and access gated through the Trusted Access for Cyber program.

Overview
OpenAI launched GPT-5.4-Cyber on April 14, 2026 as a restricted fine-tune of GPT-5.4 Thinking, built for defensive cybersecurity workflows. It isn't a new base model - the architecture, context window, computer use, and compaction behavior all carry over from the standard GPT-5.4 card. What changes is the refusal policy: lowered thresholds on legitimate security tasks, plus binary reverse engineering that the public model won't touch.
TL;DR
- Fine-tune of GPT-5.4 Thinking that allows binary reverse engineering and defensive security work the standard model refuses
- 88.23% on professional CTFs (pass@12) and 86.27% on CVE-Bench real-world web vulns (pass@1)
- Access gated through OpenAI's Trusted Access for Cyber program - thousands of verified defenders versus roughly 52 orgs for Claude Mythos Preview
The launch came seven days after Anthropic rolled out Project Glasswing and Claude Mythos Preview. Both labs landed on the same bet: restricted-access cyber models for defenders, capability too dangerous for general release. Our launch coverage and full review go deeper on positioning.
The approaches differ. Mythos is a purpose-built frontier model at $25/$125 per million tokens with roughly 52 partner orgs. GPT-5.4-Cyber is a fine-tune aimed at a broader pool through tiered identity verification rather than partnership agreements. Depth versus breadth.
Key Specifications
| Specification | Details |
|---|---|
| Provider | OpenAI |
| Model Family | GPT-5 |
| Base Model | GPT-5.4 Thinking |
| Parameters | Not disclosed |
| Context Window | 1M tokens (inherited) |
| Pricing | Not disclosed, TAC enrollment required |
| Release Date | April 14, 2026 |
| License | Proprietary, restricted access |
| Availability | Highest tier of TAC program |
| Access URL | chatgpt.com/cyber (individuals), OpenAI sales (enterprise) |
| Preparedness Rating | High capability in Cybersecurity |
For the underlying architecture, computer use behavior, compaction, variants, and general pricing, see the GPT-5.4 model page.
Benchmark Performance
OpenAI published cyber evaluations through its deployment safety hub. The Irregular Security Lab ran Network Attack Simulation; CTF, CVE-Bench, and Cyber Range are OpenAI's internal testing.
| Benchmark | GPT-5.4 Thinking (Cyber) | GPT-5.4 mini | Claude Mythos Preview |
|---|---|---|---|
| CTF Professional (pass@12) | 88.23% | 81.32% | - |
| CVE-Bench web vulns (pass@1) | 86.27% | 83.33% | - |
| Cyber Range (11/15) | 73.33% | - | - |
| Network Attack Sim (Irregular) | 88% avg | - | - |
| Vulnerability Research & Exploitation | 73% avg | - | - |
| Evasion (by design lower) | 48% avg | - | - |
| CyScenarioBench | 5/11 | - | - |
| CyberGym | Not published | - | 83.1% |
| UK AISI expert CTF | Not evaluated | - | 73% |
The Cyber Range detail matters. The model passed 11 of 15 scenarios - Azure SSRF exploitation, command-and-control setups, binary exploitation chains, privilege escalation. It failed on EDR evasion, firewall evasion, leaked-token scenarios, and CA/DNS hijacking - detection-evasion and infrastructure manipulation, exactly what a defensive fine-tune should gate.
The CTF trajectory is steep: 27% on GPT-5 (August 2025), 76% on GPT-5.1-Codex-Max (November 2025), 88.23% on GPT-5.4 Thinking. See our jailbreak and red team leaderboard for broader safety context.
Binary reverse engineering is the headline capability - the model analyzes compiled software for vulnerabilities and malware without needing source code.
Key Capabilities
Binary Reverse Engineering
The headline capability, and the one the public GPT-5.4 explicitly refuses. Analysts feed compiled binaries to the model, which reconstructs logical flow where possible, flags suspicious patterns, and identifies potential vulnerabilities without source code. For teams working in Ghidra or IDA Pro, this moves a real bottleneck. OpenAI's documentation notes that evaluations "don't capture realistic adversary orchestration" or "performance on systems with detection and monitoring infrastructure" - lab CTF numbers aren't field results. Heavily obfuscated binaries, anti-analysis techniques, and novel malware remain hard.
Lowered Refusal Thresholds
The base GPT-5.4 refuses many legitimate security tasks because it can't verify who's on the other side of the API. GPT-5.4-Cyber moves that trust decision into an identity verification layer upstream of the model. Approved use cases: vulnerability research, exploit analysis, malware dissection, detection engineering, defensive tooling. Prohibited uses stay absolute at every tier - data exfiltration, malware for deployment, unauthorized testing against targets the user can't prove ownership of.
Codex Security Integration
GPT-5.4-Cyber connects to OpenAI's Codex Security product, in private beta since roughly October 2025. OpenAI reports it has contributed to fixes for "more than 3,000 critical and high-severity vulnerabilities" across the open-source ecosystem, with free scanning for over 1,000 projects via Codex for Open Source. For coding baselines, see the coding benchmarks leaderboard.
Pricing and Availability
OpenAI hasn't published pricing for GPT-5.4-Cyber. Access is negotiated through the Trusted Access for Cyber (TAC) program, launched in February 2026 alongside a $10 million cybersecurity grant initiative. TAC tiers go from general trusted-access status with reduced friction on security prompts, up to a top tier that unlocks the specialized fine-tune. Users approved at lower tiers have to apply separately for the highest tier.
OpenAI is using identity verification rather than capability restrictions to control who gets access - a strategy shift from the company's traditional safety approach.
How to get access
- Individuals verify identity at chatgpt.com/cyber. Criteria include "strong KYC and identity verification" plus evidence of defensive security work.
- Enterprise teams apply through OpenAI sales. Organizations on Zero Data Retention surfaces face tighter restrictions.
- Applications are processed manually during the rollout. No self-serve sign-up, no free tier, no public waitlist beyond the TAC form.
TAC targets breadth. Project Glasswing gives Mythos Preview to roughly 52 organizations under partnership agreements; TAC is scaling toward thousands of defenders and hundreds of teams. For a mid-size security team or independent consultant, Mythos is out of reach - GPT-5.4-Cyber might not be, pending verification.
Strengths and Weaknesses
Strengths
- Binary reverse engineering that isn't available in standard GPT-5.4
- 88.23% on professional CTFs and 86.27% on CVE-Bench pass@1 are credible scores
- Broader access model than Claude Mythos Preview - thousands of defenders versus roughly 52 orgs
- Tiered verification scales better than Anthropic's partner-selection process
- Integrates with Codex Security's existing vulnerability-management pipeline
- Inherits GPT-5.4's 1M context window, computer use, and compaction at no extra charge
Weaknesses
- Fine-tune of a general-purpose model, not purpose-built like Mythos
- Mythos leads where both are measured (93.9% SWE-bench Verified, 83.1% CyberGym)
- No public pricing - procurement can't be planned without TAC enrollment first
- Verification queue is real; individual researcher applications are processed manually
- OpenAI acknowledges CTF benchmarks don't reflect live adversarial environments
- Access gating depends on identity verification scaling, which it hasn't proven yet
Related Coverage
- GPT-5.4-Cyber Review: Defensive AI, Controlled Access - Our 7.5/10 review
- OpenAI Launches GPT-5.4-Cyber for Vetted Defenders Only - Launch coverage
- Anthropic Ships $100M AI Cyber Defense to 12 Rivals - Project Glasswing context
- Claude Mythos Preview Finds Thousands of Zero-Days - The capability that prompted OpenAI's response
- OpenAI Codex Security and Aardvark Malware Analysis - Pipeline context
- GPT-5.4 - The base model
- Claude Mythos Preview - Anthropic's direct competitor
- Coding Benchmarks Leaderboard - Base model ranking
FAQ
Who can use GPT-5.4-Cyber?
Verified defenders only, through OpenAI's Trusted Access for Cyber program. Individuals verify at chatgpt.com/cyber; enterprises apply through OpenAI sales. Approval requires KYC-grade identity verification and evidence of defensive security work.
How does GPT-5.4-Cyber differ from regular GPT-5.4?
Same base weights, different fine-tuning, different refusal policy. GPT-5.4-Cyber allows binary reverse engineering and malware analysis that standard GPT-5.4 declines. The context window and computer use are inherited unchanged.
How does it compare to Claude Mythos Preview?
Mythos leads on published benchmarks (93.9% SWE-bench Verified, 83.1% CyberGym) and is purpose-built. GPT-5.4-Cyber is a fine-tune targeting broader access: thousands of defenders via TAC versus roughly 52 orgs for Mythos via Project Glasswing.
Does OpenAI publish pricing?
Not publicly. Pricing is negotiated through TAC enrollment. Base GPT-5.4 lists at $2.50/$15 per million tokens, but that doesn't automatically apply to the Cyber variant.
Is it available on Azure or other platforms?
Not at launch. GPT-5.4-Cyber runs on OpenAI's direct infrastructure and chatgpt.com/cyber. ZDR surfaces and third-party platforms face additional restrictions.
Sources
- OpenAI: Scaling Trusted Access for Cyber Defense
- OpenAI Deployment Safety Hub: GPT-5.4 Thinking Cyber Evaluations
- GPT-5.4 Thinking System Card
- SiliconANGLE: OpenAI Launches GPT-5.4-Cyber
- The Hacker News: GPT-5.4-Cyber with Expanded Access
- Help Net Security: GPT-5.4-Cyber for Vetted Researchers
- CyberScoop: TAC Expansion to Thousands
- The Decoder: GPT-5.4-Cyber for Defensive Cybersecurity
- XDA Developers: Reverse Engineer Binaries
- Bloomberg: OpenAI Releases Cyber Model in Race With Mythos
- 9to5Mac: OpenAI Unveils GPT-5.4-Cyber
- MarkTechPost: Scaling Trusted Access for Cyber Defense
✓ Last verified April 21, 2026
