OpenAI expands access to cyber AI as hacking risks grow

Axios Axios —

OpenAI laid out a new plan on Tuesday to expand access to AI models with https://www.axios.com/2026/04/10/anthropic-mythos-openai-cyber-threats" target="_blank">advanced cyber capabilities while implementing controls on who can use them.

Why it matters: The roadmap coincides with the release of a new model variant, GPT-5.4-Cyber, designed to assist with defensive cybersecurity tasks and be more permissive for vetted users.

Between the lines: OpenAI is shifting its approach to cyber risk to focus less on restricting what models can do and more on verifying who gets access to the most sensitive capabilities.

  • The company says it aims to make tools "as widely available as possible while preventing misuse" through identity verification and monitoring systems, according to a blog post.
  • OpenAI plans to expand access to thousands of individuals and hundreds of security teams through its already-established https://openai.com/index/trusted-access-for-cyber/" target="_blank">Trusted Access for Cyber program, provided they complete verification checks.

The intrigue: OpenAI's approach differs from Anthropic's more restrictive rollout, where only about 40 organizations are getting access to https://www.axios.com/2026/04/07/anthropic-mythos-preview-cybersecurity-risks" target="_blank">Mythos Preview.

  • Anthropic warned that its model was so adept at its https://www.axios.com/2026/03/29/claude-mythos-anthropic-cyberattack-ai-agents" target="_self">finding and exploiting security flaws that it was simply too dangerous to release widely.
  • OpenAI is responding to similar security risks by trying to make its tools more widely available for defensive cyber work while still preventing nefarious actors from accessing them.

    It's a difficult balance to strike.

Zoom in: OpenAI is adding new tiers to its Trusted Access for Cyber program, which launched earlier this year, with higher levels of verification unlocking more powerful capabilities.

  • Users approved for the highest tier will gain access to GPT-5.4-Cyber, which has fewer restrictions on sensitive cybersecurity tasks, such as vulnerability research and analysis.
  • The model is designed to reduce "unnecessary friction" for legitimate security work, after some cyber partners said they ran into issues with earlier GPT models sometimes refusing to answer dual-use cyber queries.

What they're saying: "This is a team sport, we need to make sure that every single team is empowered to secure their systems," Fouad Matin, a cyber researcher at OpenAI, told reporters. "No one should be in the business of picking winners and losers when it comes to cybersecurity."

Yes, but: The rollout will be gradual.

OpenAI says initial access to the more permissive model will be limited to vetted security vendors, organizations and researchers, but broader availability will scale over time.

  • The company also expects onboarding to take time as it reviews and verifies users.

The intrigue: OpenAI is not currently offering GPT-5.4-Cyber access to U.S. government agencies, but the company told reporters it is in ongoing discussions and will evaluate access through internal governance and safety review processes.

Reality check: Some security experts argue that many vulnerabilities identified by AI tools are not necessarily novel or easily exploitable.

What to watch: Running models with these capabilities requires a lot of computing power.

Not everyone will be willing to pay the price to run them on their environments.

Go deeper: https://www.axios.com/2026/04/14/anthropic-mythos-trump-administration-cisa-cuts" target="_blank">Funding cuts, political battles muddy Trump's response to Mythos

Read full article at Axios →

Anthropic and OpenAI Unveil Cyber Models