OpenAI is significantly expanding its Trusted Access for Cyber (TAC) program to include thousands of verified individual defenders and hundreds of security teams tasked with protecting critical software. In preparation for upcoming model advancements, the company has introduced GPT-5.4-Cyber, a specialized variant of GPT-5.4 fine-tuned specifically for defensive cybersecurity use cases. This release marks a strategic shift to scale cyber defenses in parallel with increasing model capabilities, guided by the principles of democratized access, iterative deployment, and ecosystem resilience. The initiative addresses the dual-use nature of artificial intelligence, which accelerates both defenders and attackers in the digital landscape. OpenAI notes that while existing vulnerabilities have long existed, AI now enables threat actors to devise novel, sophisticated attacks. Consequently, the company emphasizes that safeguards must evolve continuously rather than waiting for future thresholds. Since 2023, OpenAI has supported defenders through its Cybersecurity Grant Program and the Preparedness Framework, recently adding cyber-specific safeguards and launching Codex Security. This tool automatically monitors codebases, validates issues, and proposes fixes, having already contributed to over 3,000 critical and high-severity vulnerability resolutions. The core philosophy behind this expansion is ensuring that legitimate security actors have broad access to frontier capabilities without compromising safety. OpenAI aims to eliminate arbitrary barriers to access by utilizing objective criteria, such as robust Know Your Customer (KYC) and identity verification processes. The goal is to make advanced defensive tools available to organizations ranging from large enterprises to small teams protecting public services and critical infrastructure. Access to these tools follows an iterative deployment model. Customers approved through the TAC process will receive versions of existing models with reduced friction regarding safeguards that might otherwise block dual-use cyber activities. Those seeking higher tiers of access, including eligibility for GPT-5.4-Cyber, must undergo further authentication as legitimate cyber defenders. This top-tier model is designed with lowered refusal boundaries to enable advanced workflows, such as binary reverse engineering. This capability allows security professionals to analyze compiled software for malware and vulnerabilities without requiring access to the source code. Due to the increased permissiveness of GPT-5.4-Cyber, the initial rollout is limited to vetted security vendors, organizations, and researchers. The program acknowledges that certain high-risk features, such as zero-data retention environments, may have limitations, particularly when users access the models through third-party platforms where OpenAI has less visibility. OpenAI asserts that current safeguards are sufficient for broad model deployment, though more restrictive controls will remain necessary for models explicitly trained to be more permissive. As future models rapidly exceed current capabilities, the company expects to implement even more expansive defenses. The long-term strategy involves integrating advanced coding and agentic capabilities directly into developer workflows, shifting security from episodic audits to continuous, real-time risk reduction. By empowering defenders with these tailored tools, OpenAI aims to accelerate the identification and patching of vulnerabilities, ensuring the digital infrastructure relied upon by everyone remains secure against evolving threats.