OpenAI Launches GPT-5.4-Cyber: A New AI Model Tailored for Cyber Defense

OpenAI has officially introduced GPT-5.4-Cyber, a specialized version of its GPT-5.4 model designed specifically for cybersecurity applications. This move, coupled with an expansion of the company’s Trusted Access for Cyber (TAC) program, signals a significant push to integrate artificial intelligence into defensive security operations. The announcement, made on April 14 via a blog post, positions this new model as a tool to empower security professionals while carefully managing potential risks.

What Makes GPT-5.4-Cyber Different for Cyber Defense?

Unlike standard large language models, GPT-5.4-Cyber is described as “cyber-permissive.” This means it has been fine-tuned to lower its refusal boundaries for legitimate cybersecurity tasks. For defenders, this translates into a model that can handle sensitive queries about vulnerabilities, threat analysis, and incident response without unnecessary restrictions. OpenAI states that this variant enables advanced defensive workflows, allowing researchers and organizations to explore complex security scenarios.

Building on this, the model is a direct response to what OpenAI calls “steady improvements in agentic coding.” As AI-driven coding becomes more powerful, the potential for both defensive and offensive applications grows. Therefore, GPT-5.4-Cyber aims to give defenders a comparable edge, helping them identify and fix flaws faster than attackers can exploit them.

Expanding the Trusted Access for Cyber Program

The expansion of the Trusted Access for Cyber (TAC) program is a key part of this release. Initially launched in February, TAC was designed to automate identity verification and reduce friction for cybersecurity tasks. Now, OpenAI has introduced additional tiers, with the highest levels reserved exclusively for users who authenticate themselves as cybersecurity defenders. This staggered release strategy allows OpenAI to monitor usage carefully and learn from real-world deployment.

As a result, only vetted security vendors, organizations, and researchers currently have access to the full capabilities of GPT-5.4-Cyber. However, the company has expressed a desire to make these tools widely available while preventing misuse. Stronger verification processes are now in place to ensure that the model’s cyber defense capabilities are not abused.

Addressing Dual-Use Risks

OpenAI acknowledges a fundamental challenge: “Cyber capabilities are inherently dual use.” This means that the same technology which helps defenders can also aid attackers. Therefore, the company is proceeding with caution. By limiting access to verified professionals, OpenAI aims to mitigate the risk of malicious actors leveraging GPT-5.4-Cyber for offensive purposes. This approach mirrors broader industry trends, including Anthropic’s launch of Claude Mythos Preview and Project Glasswing, which focus on discovering and fixing vulnerabilities.

Implications for Software Security and Development

Beyond immediate defense, GPT-5.4-Cyber and the TAC program are positioned to improve software development practices. OpenAI argues that the strongest ecosystem is one that continuously identifies, validates, and fixes security issues as code is written. By integrating advanced coding models into developer workflows, the company hopes to shift security from periodic audits to ongoing, tangible risk reduction.

For example, developers could use GPT-5.4-Cyber to receive immediate, actionable feedback on vulnerabilities while building applications. This proactive approach could reduce the number of exploitable flaws in production software. However, the effectiveness of this strategy will depend on how well the model integrates with existing development tools and workflows.

What This Means for the Future of AI in Cybersecurity

This launch represents a growing trend: AI companies are increasingly tailoring their models for specific high-stakes domains. For cybersecurity professionals, GPT-5.4-Cyber offers a glimpse into a future where AI assistants can handle complex threat analysis, automate routine defenses, and even suggest code patches. Nevertheless, the dual-use nature of such capabilities ensures that access will remain tightly controlled for the foreseeable future.

To learn more about how AI is reshaping security operations, check out our guide on AI cybersecurity tools and best practices. Additionally, explore how vulnerability management strategies are evolving with machine learning.

In conclusion, OpenAI’s GPT-5.4-Cyber marks a deliberate step toward harnessing AI for cyber defense. While the model is not yet widely available, its development underscores the importance of building secure, verifiable AI systems. For defenders, the message is clear: AI is becoming an indispensable ally, but only if wielded with care and accountability.

AI Security Institute Warns: Strengthen Cyber Basics After Mythos Preview Test

The AI Security Institute (AISI) has issued a clear warning to organizations worldwide: reinforce your cybersecurity fundamentals now. This call comes after the institute conducted rigorous evaluations of Anthropic’s latest model, Claude Mythos Preview. The model made headlines last week when Anthropic claimed it had identified thousands of zero-day vulnerabilities spanning decades. As a result, the company launched Project Glasswing, allowing select tech vendors to use the model to locate and patch these flaws. Although Anthropic pledged not to release Mythos Preview publicly, concerns persist that threat actors may eventually gain access.

What the AI Security Institute Found in Its Tests

The UK-based AI Security Institute conducted controlled evaluations of Mythos Preview and described it as “a step up over previous frontier models in a landscape where cyber performance was already rapidly improving.” In these tests, when explicitly directed and given network access, the model demonstrated the ability to execute multi-stage attacks on vulnerable networks. It could autonomously discover and exploit vulnerabilities—tasks that would typically take human professionals days to complete.

However, the results were not without caveats. The AISI built a “32-step corporate network attack simulation,” running from reconnaissance to full network takeover. Human experts would need around 20 hours to finish this operation. Mythos Preview succeeded in only three out of ten attempts, completing an average of 22 out of 32 steps. Yet, the institute noted that with more inference compute, its performance could improve significantly.

Limitations of the Testing Environment

The AISI also highlighted that its testing environment differs from real-world conditions in important ways. “Mythos Preview’s success on one cyber range indicates it is at least capable of autonomously attacking small, weakly defended, and vulnerable enterprise systems where network access has been gained,” the institute explained. However, it added that these ranges lack security features often present in real environments, such as active defenders and defensive tooling. There are also no penalties for actions that would trigger security alerts in a live setting.

Therefore, the AISI stated it “cannot say for sure” whether Mythos Preview could successfully attack well-defended systems. Moving forward, the institute plans to simulate hardened environments with endpoint detection and real-time incident response to close these knowledge gaps.

Why Cybersecurity Basics Matter Now More Than Ever

In light of these findings, the AI Security Institute urged security teams to improve baseline protection to mitigate potential attacks using Mythos. “Our testing shows that Mythos Preview can exploit systems with weak security posture, and it is likely that more models with these capabilities will be developed,” the institute concluded. This underscores the importance of cybersecurity basics, such as regular application of security updates, robust access controls, proper security configuration, and comprehensive logging.

Building on this, the AISI also suggested that organizations consider using AI to deliver “game-changing improvements in defense.” A joint blog from the AISI and the National Cyber Security Centre (NCSC), published on March 30, outlined how AI can help reduce the attack surface through machine-speed system scans, identify misconfigurations and vulnerabilities, test exploitability, and map complex attack paths. Additionally, AI can enhance threat detection by triaging alerts, making sense of patterns from diverse logs, and writing summary reports for analysts. It can also automate response actions, such as blocking traffic flows, quarantining suspicious processes, and revoking user access.

Practical Steps for Organizations

So, what should organizations do now? First, prioritize the fundamentals: patch systems regularly, enforce strong access controls, and maintain detailed logs. Second, explore how AI tools can augment your security operations. For example, using AI for automated vulnerability scanning can free up human analysts for more complex tasks. Third, stay informed about emerging AI capabilities and their implications for cybersecurity. The AISI’s work serves as a critical reminder that as AI models become more powerful, both attackers and defenders will gain new tools.

For more insights, check out our guide on AI security best practices for enterprises and learn about zero-day vulnerability management strategies. Finally, read the NCSC’s latest AI security guidance to align with government recommendations.

The Bottom Line on AI and Cyber Defense

The AI Security Institute’s evaluation of Mythos Preview is a wake-up call. While the model’s current success rate is limited, its capabilities are evolving. Organizations cannot afford to wait for the perfect defense. Instead, they must strengthen their cybersecurity posture today. By combining solid fundamentals with intelligent AI tools, businesses can better prepare for the threats of tomorrow. The message from the AISI is clear: the time to act is now.

Apple patches iOS bug that allowed law enforcement to recover deleted chat messages from iPhones

Apple has released a critical software update for iPhones and iPads, closing a vulnerability that enabled authorities to retrieve messages that users thought were permanently gone. This flaw, which affected notifications from apps like Signal, meant that deleted or auto-expiring messages could linger on devices for weeks.

The fix arrives as a direct response to a privacy concern that surfaced earlier this month. According to a report from 404 Media, the FBI successfully used forensic tools to extract deleted Signal messages from an iPhone. The issue stemmed from the way notification content was cached in the device’s database, even after users deleted the original messages within the app.

How the bug exposed deleted messages

In a security notice, Apple acknowledged that the bug caused “notifications marked for deletion [to] be unexpectedly retained on the device.” This meant that the content of messages—visible in notifications—was stored for up to a month, making it accessible to anyone with the right forensic software.

Signal, Signal, which offers disappearing messages as a key privacy feature, was particularly affected. Meredith Whittaker, president of Signal, publicly urged Apple to address the issue after the FBI’s method came to light. “Notifications for deleted messages shouldn’t remain in any OS notification database,” she wrote on Bluesky.

What the iOS update fixes

The patch, included in the latest iOS and iPadOS updates, ensures that notification content is properly cleared when messages are deleted. Apple also backported the fix to older iOS 18 versions, covering a broader range of devices. The company did not immediately explain why notifications were being retained in the first place, but the update suggests it was an unintended bug.

This move is significant for privacy-conscious users who rely on disappearing messages in apps like Signal and WhatsApp. These features are designed to protect sensitive conversations, especially for journalists, activists, and others at risk of device seizure.

Implications for user privacy

Privacy advocates expressed concern when the FBI’s technique became public. The ability to recover deleted messages undermines trust in end-to-end encryption and auto-delete features. However, Apple’s swift response shows a commitment to closing such loopholes.

For users worried about similar vulnerabilities, keeping devices updated is essential. Regularly installing iOS updates ensures protection against known exploits. Additionally, disabling message previews in notification settings can reduce the risk of content being cached.

What this means for law enforcement access

While the fix blocks one method, it does not eliminate all forensic tools. Authorities may still access data through other means, such as iCloud backups or device passcode cracking. Nonetheless, this update closes a significant gap that allowed easy recovery of deleted messages.

Apple’s decision to patch the bug reinforces its stance on user privacy. The company has long resisted creating backdoors for law enforcement, and this update aligns with that philosophy. Users can now feel more confident that their deleted conversations remain deleted.

For more on protecting your digital privacy, check out our guide on securing your iPhone and tips for using Signal safely.