OpenAI Recommends New Cybersecurity Model GPT-5.4-Cyber to U.S. Government and "Five Eyes" Alliance
OpenAI has been introducing the capabilities of its latest cybersecurity product, GPT-5.4-Cyber, to U.S. federal and state agencies, as well as intelligence-sharing partners within the "Five Eyes" alliance, hoping to encourage these government departments to join its cybersecurity dedicated access program. The company held a closed-door event in Washington, D.C., demonstrating the new model's features and explaining the access process and tiered management arrangements.
OpenAI states that government agencies applying for access to GPT-5.4-Cyber must undergo the same vetting process as commercial customers to join its “Trusted Access for Cyber” program.
Various institutions and enterprises are currently competing to use the latest generation of AI tools, which offer significant potential benefits for cyber defense but also pose more dangerous attack methods for malicious hackers. OpenAI’s new model launch follows competitor Anthropic’s preview release of the cybersecurity model Mythos, and both companies are currently negotiating with government agencies to determine which entities can access the systems to what extent. Due to concerns about cyberattack risks, Anthropic has not publicly released Mythos, but has instead limited trial access to approximately 40 companies and organizations, including at least two U.S. federal government agencies. In contrast, OpenAI is adopting a “dual-track” strategy: on one hand, providing a more widely available version to general users under stronger security protections; and on the other hand, offering a more relaxed, more powerful version for defensive parties through the “Trusted Access for Cyber” program.
At the Washington, D.C. presentation, Chris Lehane, OpenAI’s Global Affairs Head, stated that this dual-track model will help more critical but resource-constrained institutions—such as local water facility operators—have the opportunity to leverage advanced AI tools to strengthen their defenses. OpenAI’s National Security Policy Head, Sasha Baker, told attendees that the company hopes to establish closer cooperation with government departments at all levels, prioritize identifying the most critical cybersecurity application scenarios, and build cross-industry threat intelligence sharing channels. OpenAI is also working with U.S. state governments to facilitate their access to GPT-5.4-Cyber.
Meanwhile, OpenAI has initiated communication with members of the “Five Eyes” alliance, planning to deliver a special briefing this week to relevant intelligence and government agencies in Australia, Canada, New Zealand, and the United Kingdom, to encourage these partners to complete their review and obtain model access permissions. The “Five Eyes” alliance, as a long-standing intelligence-sharing mechanism, is considered the core circle of U.S. cybersecurity cooperation. Unlike OpenAI’s smooth progress, Anthropic’s deployment within the U.S. government has become more complex due to the Pentagon previously labeling the company as a “supply chain risk,” stemming from a fierce debate over AI security safeguards. However, despite this risk designation, the U.S. National Security Agency (NSA) is currently testing Mythos’s practical application potential in cyber defense.
From the early usage of companies and institutions that have gained access, both OpenAI’s GPT-5.4-Cyber and Anthropic’s Mythos preview version are mainly used to help users more efficiently discover exploitable security vulnerabilities within their own internal systems. This is particularly crucial for many government agencies that have long relied on outdated IT systems, have difficulty with patch updates, and bear a heavy security burden. With these more automated and intelligent tools, they are expected to significantly accelerate the identification and remediation of critical vulnerabilities, and improve overall cyber defense levels with limited resources.