OpenAI, the developer of ChatGPT, has entered a race with Antropic for dominance in defensive security AI by releasing a security-dedicated AI model exclusively to select security experts. OpenAI announced that it is providing the ‘GPT-5.4-Cyber’ model, optimized for detecting software security vulnerabilities, to select experts first.
GPT-5.4-Cyber will be initially provided to top-tier customers who have undergone identity verification and validation among participants of the ‘Trusted Access for Cyber’ (TAC) program, which OpenAI launched last February. Currently, the number of these top-tier customers stands at several hundred, but OpenAI plans to expand this to thousands within a few weeks. GPT-5.4-Cyber, a fine-tuned version of OpenAI’s top-tier model GPT-5.4 tailored for security tasks, features “binary reverse engineering” capabilities that allow it to analyze software executables without source code to identify potential malware or vulnerabilities.
Furthermore, unlike existing models that blocked requests suspected of being exploited for hacking, it lowered the threshold for request blocking to ensure there are no difficulties in detecting vulnerabilities for defensive operations. As AI demonstrates high performance in detecting security vulnerabilities such as software bugs, concerns are growing within the security industry regarding a so-called “Bugmageddon” scenario, where cybercriminals could exploit AI to launch hacking attacks across the board.
Indeed, “Mythos,” which Antropic recently distributed exclusively to select partners including Amazon, Apple, and Microsoft, has also sparked concerns within the U.S. financial sector and government agencies due to its exceptional vulnerability discovery capabilities. Treasury Secretary Scott Besant and Federal Reserve Chairman Jerome Powell even conducted an emergency inspection with CEOs of major banks. In South Korea as well, the Blue House National Security Office prepared an emergency response involving relevant government, private, and military ministries; accordingly, the Ministry of Science and ICT held an emergency meeting to review pending issues, chaired by Second Vice Minister Ryu Je-myung and attended by the three major telecommunications companies and key platform firms.
The simultaneous pre-release of top-tier models by OpenAI and Antropic to major companies, institutions, and developers is interpreted as a strategy to allow the defending side to secure AI models first, thereby gaining an advantage over hackers who might exploit AI, while simultaneously expanding their influence in the security sector.