When Anthropic unveiled its Mythos cybersecurity model last week under Project Glasswing, it restricted access to roughly 40 vetted organizations and framed the release in terms of urgency and risk. OpenAI responded on April 14 with a different posture: a model fine-tuned for offensive-defensive cyber work released to thousands of verified users, with an automated identity funnel rather than a curated invite list.

The move is not simply a product announcement. It is a wager on which approach to dual-use AI capability — concentrated access versus verified-but-broad access — produces better security outcomes at scale.

What GPT-5.4 Reverse Engineering Actually Does

GPT-5.4-Cyber is a fine-tuned variant of OpenAI's flagship GPT-5.4, modified to lower its refusal rate on dual-use cybersecurity queries. Standard safety classifiers on OpenAI's general models have historically flagged requests that legitimate security professionals make routinely — asking a model to analyze a shellcode sample, identify a buffer overflow, or walk through a common attack chain. The Cyber variant is trained to treat those requests differently when the user is a verified defender.

The most concrete technical addition is binary reverse engineering. Security analysts can now pass compiled software directly to the model and receive structured analysis covering potential vulnerabilities, malware indicators, and code behavior, without needing the original source. Previously, that kind of analysis required separate disassemblers and considerable manual effort. Integrating it into a frontier reasoning model shortens the time from suspicious binary to actionable finding.

OpenAI also released hard numbers on what its existing defensive tooling has accomplished. Codex Security, the application security agent that moved from private beta to research preview earlier this year, has contributed to fixes on more than 3,000 critical and high-severity vulnerabilities. Codex for Open Source, which offers free scanning to maintainers, has reached over 1,000 projects. Those figures give GPT-5.4-Cyber a deployment context — it is entering an ecosystem where OpenAI's defender stack already has documented results.

The Access Architecture

Trusted Access for Cyber launched in February as a pilot attached to GPT-5.3-Codex. At that point, the program covered a limited set of partner organizations and required manual review for most applicants. The April 14 expansion replaces that with a tiered verification structure.

Individual users authenticate at chatgpt.com/cyber using automated identity verification. Enterprises request access for their entire teams through an OpenAI representative. Users who clear those initial tiers can then apply for access to GPT-5.4-Cyber itself, which requires stronger authentication as a verified cybersecurity defender. OpenAI describes the intent as giving the most capable tools to the most verifiable people, rather than making blanket capability decisions based on who submitted a request form in February.

GPT-5.4-Cyber is launching in a limited rollout to vetted security vendors, researchers, and organizations before broader availability. One group is explicitly excluded from the current program: U.S. government agencies. OpenAI told reporters that conversations are ongoing and that any government access will go through internal governance and safety review, but no timeline was given.

The three principles OpenAI articulated to guide this approach are democratized access — using objective criteria and identity verification rather than subjective gatekeeping — iterative deployment that adjusts based on observed use, and investment in ecosystem resilience across defenders regardless of organizational size.

A Direct Contrast With Anthropic

The timing of OpenAI's announcement makes the comparison unavoidable. Anthropic's Mythos Preview, announced April 7 under Project Glasswing, reached approximately 40 organizations. Anthropic told reporters its model had identified high-severity flaws in every major operating system and web browser, framing the release around the magnitude of what the model could find.

OpenAI's blog post took a different tone. The company stated directly that it believes current safeguards are sufficient to support broad deployment of present models, a line that several outlets read as deliberate contrast to Anthropic's more cautious framing. Where Anthropic selected a small cohort of organizations, OpenAI is building an automated funnel designed to process thousands.

The underlying disagreement is about what the best control surface actually is. Anthropic appears to believe that tight control over which organizations access the most powerful tools is the primary protection. OpenAI is arguing that identity and intent verification, applied at scale, can deliver similar or better risk management while actually getting capable tools to the defenders who need them. "No one should be in the business of picking winners and losers when it comes to cybersecurity," OpenAI cyber researcher Fouad Matin told reporters.

Neither position has been tested at the scale both companies are describing. The practical question is whether OpenAI's verification pipeline is rigorous enough to distinguish security professionals from sophisticated attackers who could plausibly present the same credentials.

The Capability Curve That Makes This Urgent

OpenAI's internal benchmarks show how fast the performance baseline has shifted. GPT-5 scored 27% on capture-the-flag benchmarks in August 2025. By November, GPT-5.1-Codex-Max reached 76%. GPT-5.4 now carries a "high cybersecurity capability" classification under OpenAI's own Preparedness Framework, meaning it meets the threshold that requires additional safeguards before deployment.

The company's blog post acknowledged that the next generation of models, expected within months, will exceed the current "high" classification. Binary reverse engineering, which would have been a surprising capability in a general-purpose model a year ago, is now a feature being added to a tiered access program. The pace of that progression is why OpenAI frames its access architecture as something that must be built now, before the capability curve gets steeper.

Attackers are not waiting. OpenAI noted in its blog post that sophisticated threat actors are already extracting stronger performance from existing models by using more test-time compute — meaning they are not relying on off-the-shelf configurations but actively optimizing how they use publicly available tools. That observation pushes against any assumption that keeping the best models out of general circulation is sufficient protection.

What This Means for Defenders

For security professionals, the immediate practical question is access. Researchers who regularly hit refusal walls when asking AI models to analyze dual-use code samples or walk through vulnerability chains have a path to a model specifically calibrated for that work. The binary reverse engineering capability, in particular, addresses a workflow that has historically required specialized tools and significant time.

The Cybersecurity Grant Program, which OpenAI committed $10 million in API credits to support in February, is now actively funding teams working on critical infrastructure defense. That funding pool combined with the verification-based access program means that independent researchers, not just enterprise security teams, have a route to the most capable version of the model.

Whether the tiered access structure holds under real-world pressure remains to be seen. Identity verification systems have known limitations, and the same credential verification that screens in legitimate defenders can be gamed by determined adversaries with the right documentation. OpenAI has said it expects to evolve the program based on what it learns from early participants, which suggests the current architecture is a starting point rather than a settled policy.

The comparison between OpenAI's broad-access approach and Anthropic's restricted-cohort approach will play out over the next several months as both programs produce results. Those results will be the actual evidence base for which model of deployment is more effective at getting capable tools to defenders while limiting their reach to attackers.