OpenAI's cyber policy is not a simple locked door. It is a turnstile.
In April, OpenAI said it was scaling Trusted Access for Cyber to thousands of verified individual defenders and hundreds of teams responsible for defending critical software. It also introduced GPT-5.4-Cyber, a cyber-permissive model for vetted security vendors, organizations, and researchers, with access shaped by identity verification, trust signals, and accountability. [1]
That design annoys both easy arguments. X's open-access camp says defenders need the best tools immediately. The lockdown camp says cyber-capable models are inherently reckless. OpenAI's own record says the risk depends not only on the model, but on who is using it, the trust signals around the user, and the visibility OpenAI has into the activity. [1]
The developer documentation makes the operational rule sharper. It says GPT-5.3-Codex and newer models, including GPT-5.4 and GPT-5.5, are classified as having high cybersecurity capability under the Preparedness Framework. As a result, automated safeguards apply in the API. If suspicious activity crosses thresholds, access can be temporarily limited, and requests may return a cyber_policy error. [2]
That is not just a policy statement. It is product behavior. For non-Zero Data Retention organizations, suspicious activity can lead to temporary revocation for a user or an entire organization, depending on whether a per-user safety identifier is implemented. For ZDR organizations, request-level mitigations can also apply because OpenAI has less routine visibility. [2]
The Preparedness Framework page explains the broader logic. OpenAI says tracked categories include biological and chemical capabilities, cybersecurity capabilities, and AI self-improvement, and that systems reaching high capability must have safeguards that sufficiently minimize severe risk before deployment. [3]
The usage policies close the loop by prohibiting malicious or abusive cyber activity, attempts to compromise systems, circumvention of safeguards, and national-security or intelligence uses without review and approval. [4]
The divergence is not whether cyber defense matters. Everyone says it does. The fight is over who gets the strongest tools before the misuse case arrives. OpenAI's answer is verification plus monitoring. Readers should judge that system by its receipts: who gets access, when it is revoked, how appeals work, and whether defenders outside the favored circle can actually pass through the turnstile.
-- THEO KAPLAN, San Francisco