OpenAI’s GPT-5.4-Cyber further underscores the need for the cybersecurity community to rethink its strategy and bolster its defenses against bad actors, even as the model responds to rival Anthropic’s controversial Mythos platform.
OpenAI rolled out GPT-5.4-Cyber on April 14, a few days after the Mythos limited release. The model is an expansion of OpenAI’s Trusted Access for Cyber (TAC) program, which provides cybersecurity professionals access to advanced AI models for defense security tasks. It is a fine-tuned version of GPT-5.4 that enables capabilities such as binary reverse engineering that cyber experts can use to analyze compiled software for potential malware and vulnerabilities. Cyber is only available to vetted security vendors, organizations, and researchers, according to OpenAI.
The model is notably a response to Anthropic’s release of Claude Mythos, which the Claude maker said is too powerful to release widely and is accessible only to select large companies. It is also evidence that cybersecurity experts need to be vigilant in finding ways to ensure they are prepared to defend against attacks by malicious users.
“The fact that they’re potentially opening it more broadly is going to be more helpful for the community because more people are going to have a chance to look at it,” said Lionel Litty, CISO at Menlo Security.
A Chance to Prepare
GPT-5.4-Cyber’s release through TAC could provide cybersecurity experts and researchers with further insights into how to prepare for cyberattacks, because, unlike Mythos, more people have access to it, Litty said. The AI-powered security platform protects organizations against cyber threats, including malware, ransomware, and phishing.
However, those with bad intent could also take advantage of that opportunity.
“There’s more chances of it being misused,” Litty said. He added that even with OpenAI’s security model being more open, “it remains to be seen where things fall in terms of how useful it’s going to be for us that are on the defensive side versus attackers.”
Despite uncertainty about who will use the capabilities, the message is clear: it is time for cybersecurity experts to prepare for the misuse of this iteration of generative AI technology.
“Most people knew this was coming, but it has become more urgent,” Litty said.
Enterprises need a clear understanding and visibility into what is happening in their organizations, and to assess whether components such as IT infrastructure need updating due to the organization’s new ability to rapidly discover new vulnerabilities, he added. On the other hand, bad actors’ ability to exploit security holes is accelerating, underscoring the need for enterprises to remediate security issues.
“This is where having a pretty good understanding of what you have in place, what needs to be secured and how a good process is in place, taking advantage of AI yourself is going to be important,” Litty said.
Beyond automation, enterprises need to be ready for software to be compromised and prepared with effective countermeasures, Litty added.
“You want to make sure that you can limit the damage,” he said. “Make sure you have a containment strategy in place.”
Rethinking the Strategy
Not only is the release of Cyber and Mythos a chance for cybersecurity experts to prepare for malicious attacks, but it might also signal that it is time to reconsider their overall defense strategy.
“They have to rethink how to do more autonomous reliability management or even more zero-cost oriented,” said Gartner analyst Arun Chandrasekaran. Enterprises should use AI to bolster their cybersecurity measures.
“The usage of AI, hopefully in cybersecurity, will significantly increase, with the improvements in capabilities that we’re seeing with these AI models,” Chandrasekaran said.
