OpenAI briefs U.S. agencies and Five Eyes on new cyber model

OpenAI has begun briefing U.S. federal agencies, state governments and members of the Five Eyes intelligence-sharing network on a new cybersecurity model, putting the company deeper into a market where governments are weighing speed against secrecy. In Washington, OpenAI held a demo for about 50 cyber defense practitioners across the federal government, a sign that the company is trying to move from broad AI sales into the sensitive business of core national-security tooling.

The model at the center of those talks is GPT-5.4-Cyber, a variant of GPT-5.4 fine-tuned for defensive cybersecurity use cases. OpenAI said it is scaling its Trusted Access for Cyber program to thousands of verified individual defenders and hundreds of teams responsible for defending critical software, and that it is committing $10 million in API credits to accelerate cyber defense. The pitch is straightforward: faster threat detection, better triage and stronger analysis of malicious code. The harder question is governance, since a more capable defensive model can also be adapted for offensive work.

That is why the outreach to Five Eyes governments matters. OpenAI said it has provided GPT-5.4-Cyber to the U.S. Center for AI Standards and Innovation and the UK AI Security Institute for evaluations focused on cyber capabilities and safeguards. Those reviews point to the next stage of adoption, where trust, vetting and access controls will matter as much as model performance. For agencies and allied security services, the unresolved issues include how to audit a commercial model, where sensitive prompts and logs are stored, and what procurement rules should apply when a private vendor sits inside defense workflows.

OpenAI’s national-security footprint has been widening for months. On February 9, 2026, the company said it was bringing ChatGPT to GenAI.mil, the Department of War’s secure enterprise AI platform used by 3 million civilian and military personnel. On April 16, OpenAI said Bank of America, BlackRock, BNY, Citi, Cisco, Cloudflare, CrowdStrike, Goldman Sachs, iVerify, JPMorgan Chase, Morgan Stanley, NVIDIA, Oracle, Palo Alto Networks, SpecterOps and Zscaler had joined its cyber-defense effort.

The competition is intensifying as well. Anthropic said in early April that Claude Mythos Preview was highly capable at computer security tasks and launched Project Glasswing with partners including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, NVIDIA and Palo Alto Networks. Together, the moves show that frontier AI labs are now selling not just software, but pieces of the cyber-defense stack itself, turning government dependency on private vendors into an early test case for how far states will outsource sensitive security functions.