OpenAI’s GPT-5.4-Cyber Challenges the “Superhuman” Hacking of Claude Mythos

Anthropic previously inaugurated Claude Mythos for a select cadre of preeminent technology firms. This model is primarily engineered for cybersecurity reconnaissance, empowering organizations to unearth systemic vulnerabilities and fortify their defensive postures. However, due to the potentially formidable capabilities of Claude Mythos, access is strictly sequestered; enterprises must submit exhaustive applications and secure formal authorization, while individual security researchers remain excluded from its utility.

In a commensurate maneuver, OpenAI has unveiled GPT-5.4-Cyber, a specialized iteration of the GPT-5.4 architecture designed with a “cyber-benign” focus. Its primary objective mirrors its predecessor: to augment the resilience of digital defenses. OpenAI has signaled that as it prepares to deploy increasingly potent models in the coming months, GPT-5.4-Cyber—which has undergone rigorous fine-tuning for defensive security applications—will serve as a foundational vanguard.

Access to GPT-5.4-Cyber is reserved exclusively for those who can authenticate their status as cybersecurity defenders. Within this environment, researchers may utilize the model to identify flaws, conduct malware reverse-engineering, and orchestrate vulnerability remediation. Notably, in a departure from the restrictive ethos of Claude Mythos, OpenAI permits individual security researchers to petition for access, provided they can demonstrate a purely defensive and investigative intent.

OpenAI underscores that because the model operates under relaxed safety constraints to facilitate deep security analysis, its current deployment is limited and iterative, confined to vetted security software providers, enterprises, and independent scholars. Individual practitioners may initiate identity verification and submit their credentials via chatgpt.com/cyber, while corporate clientele are encouraged to coordinate with OpenAI’s commercial representatives. Nevertheless, the submission of a request does not guarantee admission; all users must await formal adjudication before being granted access to GPT-5.4-Cyber.