OpenAI scales cyber-defense access, raising security stakes for monday.com teams

OpenAI is treating cyber defense as a mainstream use case for frontier models, and that shift lands directly on monday.com’s security, infrastructure and platform teams. The company said it is scaling Trusted Access for Cyber to thousands of verified individual defenders and hundreds of teams responsible for critical software, while fine-tuning a cyber-permissive variant called GPT-5.4-Cyber. For an enterprise SaaS company that sells workflow automation and AI-assisted productivity, the message is clear: model capability is no longer enough. Buyers now want proof that AI features ship with identity checks, logging, misuse controls and a defensible rollout model.

The timing matters. OpenAI said on April 16 that the strength of Trusted Access for Cyber comes from the breadth of defenders involved, including open-source security teams, vulnerability researchers and enterprises operating complex environments. It also said the program is meant for authorized defensive cybersecurity work and that it is committing $10 million in API credits to accelerate cyber defense. OpenAI said it began evaluating cyber capabilities in 2023 and added cyber-specific safeguards in 2025, a reminder that guardrails are now part of the product road map, not a cleanup step after launch.

That same logic shows up in OpenAI’s Codex Security preview. The tool is designed to identify, validate and remediate vulnerabilities in code, scanning connected repositories commit by commit and confirming high-signal issues in an isolated environment before surfacing them. OpenAI said early internal deployments found a real SSRF flaw and a critical cross-tenant authentication vulnerability, both patched within hours. For monday.com engineers building more agentic experiences, that is not just an AI-security anecdote. It is a product requirement list: prompt injection resistance, scoped access, auditability and sandboxing have to be built into the workflow.

monday.com already sells into that security conversation. The company says it is trusted by more than 250,000 customers worldwide and runs on multiple AWS Availability Zones across the United States, European Union and Australia, with disaster recovery in another AWS region. Its trust center lists SOC 2 Type II and ISO/IEC 27001:2022, while Enterprise admins can use an Audit Log that records login activity, device information and IP addresses, plus an Audit Log API to spot unwanted access and suspicious behavior. monday.com also offers AI Permissions and Governance controls on its Enterprise plan, along with a Guardian security and governance add-on for data protection, secure access and compliance. OpenAI’s move suggests those kinds of controls are becoming table stakes. For monday.com, the competitive edge in AI will increasingly depend on how visibly the company can prove that its tools are safe to trust.