Scaling Trusted Access for Cyber Defense with AI

We are expanding our Trusted Access for Cyber (TAC) program to empower thousands of individual defenders and hundreds of teams safeguarding critical software. Our approach is rooted in democratized access, iterative deployment, and ecosystem resilience. With the advent of more advanced models like GPT-5.4-Cyber, specifically fine-tuned for cybersecurity, we aim to enhance defensive capabilities. This model is designed to be cyber-permissive, enabling defenders to identify and fix vulnerabilities more efficiently.

The progressive integration of AI into cybersecurity accelerates defenders' ability to protect systems and data. Since 2023, we've bolstered our support for defenders through initiatives like the Cybersecurity Grant Program and the Preparedness Framework. In 2025, we began embedding cyber-specific safeguards in our models, and this year, we launched Codex Security to address vulnerabilities at scale.

Our strategy is guided by three core principles: democratized access, iterative deployment, and investing in ecosystem resilience. We strive to make advanced defensive tools widely accessible while preventing misuse through clear criteria and automated processes. Iterative deployment allows us to learn and improve our models' capabilities and safety systems continuously. We also support the defender community with grants, open-source contributions, and technologies like Codex Security.

Cyber risk is an ongoing challenge, but we can act by leveraging AI to find vulnerabilities and enhance cyber workflows. Our models' dual-use nature requires us to expand access based on user trust and usage context, supported by verification and accountability systems. As models' capabilities grow, so must our defenses.

We have progressively trained our models, starting with GPT-5.2 and advancing to GPT-5.4-Cyber, which offers high cyber capabilities. Our efforts include a $10M Cybersecurity Grant Program and Codex for Open Source, providing free security scanning. Codex Security has already contributed to fixing over 3,000 critical vulnerabilities.

By integrating advanced coding models into developer workflows, we aim to shift security from episodic audits to continuous risk reduction. We are expanding TAC to include more tiers of access for verified cybersecurity defenders, offering them advanced capabilities like binary reverse engineering without needing source code access.

Access to TAC is straightforward, with individual verification available online and enterprise requests managed through OpenAI representatives. This program reduces safeguard friction for legitimate cybersecurity activities, supporting security education and responsible vulnerability research. We believe our current safeguards sufficiently reduce cyber risk, preparing us for even more powerful future models.