OpenAI Deploys Cyber Model After North Korea Supply Chain Breach

OpenAI is expanding access to a new artificial intelligence model designed to identify software vulnerabilities, days after the company disclosed a supply chain attack linked to North Korea that compromised its macOS application signing process.

The company announced it is scaling its Trusted Access for Cyber program to thousands of verified defenders and hundreds of security teams, granting them access to GPT-5.4-Cyber. The model relaxes standard guardrails to enable legitimate cybersecurity work, arriving one week after rival Anthropic released its own security-focused AI tool called Mythos.

The rollout follows OpenAI's April 11 disclosure that Axios, a widely used third-party developer library, was compromised on March 31 as part of a broader software supply chain attack by actors believed linked to North Korea. The breach led a GitHub Actions workflow to download and execute a malicious version of Axios, which had access to certificate and notarization material used for signing macOS applications including ChatGPT Desktop, Codex, Codex-cli, and Atlas. OpenAI concluded the signing certificate was likely not successfully exfiltrated, and said no user data was accessed, though the incident exposed vulnerabilities in its development infrastructure.

"We don't think it's practical or appropriate to centrally decide who gets to defend themselves," OpenAI stated. "Instead, we aim to enable as many legitimate defenders as possible, with access grounded in verification, trust signals, and accountability."

The company said its Codex Security platform, which automatically scans codebases and proposes fixes, has already identified over 3,000 critical and high-severity vulnerabilities across the open source ecosystem. OpenAI has not shared performance benchmarks for GPT-5.4-Cyber.

(OpenAI is requiring all macOS users to update their apps to the latest versions by May 8, when older versions will no longer receive updates or support and may cease functioning. The root cause was identified as a misconfiguration in the GitHub Actions workflow, which has been addressed.)

The cybersecurity model release intensifies competition with Anthropic, whose Mythos tool has drawn concern from banking executives and government officials over its potential to uncover vulnerabilities in critical infrastructure. Anthropic co-founder Jack Clark confirmed the company was briefing U.S. government officials on April 13, stating "our position is the government has to know about this stuff."

OpenAI's announcement centers on three principles: democratized access through objective verification rather than manual gatekeeping, iterative deployment to learn from real-world use, and ecosystem resilience through grants and open source contributions. The company introduced a $100 monthly ChatGPT Pro subscription tier for heavy users and developers, and is rumored to be preparing a new GPT model release alongside an upgraded image generation tool.