在Anthropic发布其Claude Mythos模型几天后,OpenAI推出了GPT-5.4-Cyber,这是一款面向广大防御者的网络安全专用模型。
OpenAI宣布,正在将其“网络信任访问”计划规模扩大至数千名经验证的防御者和数百个安全团队。他们将获准使用GPT-5.4-Cyber,这是GPT-5.4的一个微调版本,为合法的网络安全工作放宽了常规的防护引导。
核心功能与访问机制
GPT-5.4-Cyber提供了新能力,例如二进制反向工程,使用户能够分析编译后的可执行软件,以查找漏洞和恶意行为。该模型最初以有限的迭代方式提供给经过审查的安全供应商、组织和研究人员。个人防御者可通过身份验证过程申请测试,而企业团队则需通过OpenAI账户代表进行对接。
OpenAI的公告围绕三个核心原则:民主化访问(通过客观验证而非人工把关让工具广泛可用)、迭代部署(从实际使用中学习并改进)以及生态系统韧性(通过资助、开源贡献及Codex Security等工具支持防御者社区)。
行业竞争态势
此举正值Anthropic发布Claude Mythos之后,据称后者能够自主发现数千个零日漏洞。由于其威力巨大,Anthropic限制了其公开发布,仅通过名为“Project Glasswing”的受限计划提供给少数大机构。尽管两家公司都优先考虑防御性用途并管理双重用途风险,但OpenAI认为先进的防御工具应尽可能触达更多的合法防御者。
Days after Anthropic unveiled its Claude Mythos AI model, OpenAI introduced GPT-5.4-Cyber, a cybersecurity-focused model that will be offered to many defenders.
OpenAI announced that it’s scaling its Trusted Access for Cyber program to thousands of verified defenders and hundreds of security teams. They will be given access to GPT-5.4-Cyber, a fine-tuned variant of GPT-5.4 that relaxes the usual guardrails for legitimate cybersecurity work.
GPT-5.4-Cyber also provides new capabilities such as binary reverse engineering, which enables users to analyze compiled executable software for vulnerabilities and malicious behavior.
The new AI model is initially being offered on a limited, iterative basis to vetted security vendors, organizations, and researchers.
Individual defenders who want to enroll into the Trusted Access for Cyber program and test GPT‑5.4‑Cyber can apply through chatgpt.com/cyber via an identity verification process, while enterprise teams must go through their OpenAI account representative.
The AI giant’s announcement centers on three guiding principles: democratized access (making tools widely available through objective verification rather than manual gatekeeping), iterative deployment (learning from real-world use and improving over time), and ecosystem resilience (supporting the broader defender community through grants, open source contributions, and tools like Codex Security).Advertisement. Scroll to continue reading.
The announcement comes in the wake of Anthropic’s release of Claude Mythos, a new and powerful AI model allegedly capable of autonomously discovering thousands of zero-day vulnerabilities. This led Anthropic to withhold its public release and instead offer it only to a few dozen major organizations through a restricted program called Project Glasswing.
Both Anthropic and OpenAI are prioritizing defensive use while managing dual-use risks, but the latter believes advanced defensive tools should reach as many legitimate defenders as possible.
“We don’t think it’s practical or appropriate to centrally decide who gets to defend themselves. Instead, we aim to enable as many legitimate defenders as possible, with access grounded in verification, trust signals, and accountability,” OpenAI explained.
The company has not shared information about the performance of its GPT-5.4-Cyber model, but said its Codex Security platform, which automatically scans codebases and proposes fixes, has already helped identify over 3,000 critical and high-severity vulnerabilities across the open source ecosystem.
Related: Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments
Related: ‘By Design’ Flaw in MCP Could Enable Widespread AI Supply Chain Attacks
Related: ‘Mythos-Ready’ Security: CSA Urges CISOs to Prepare for Accelerated AI Threats
