How OpenAI's Secure AI Shields Financial Giants From Threats

There is new wind in the arena for AI cyber defence and it is coming from OpenAI’s new release – GPT‑5.4‑Cyber. 

Committing US$10m in API credits through its Cybersecurity Grant Program and scaling its Trusted Access for Cyber (TAC) to defenders, OpenAI is strengthening its position among cyber defenders. 

As AI continues to evolve, OpenAI expects cybersecurity to become increasingly proactive rather than reactive, with intelligent systems playing a central role in detecting and preventing threats before they escalate. 

As AI cyber capabilities can power both offence and defence, OpenAI's TAC ensures that access to such powerful tools rests firmly in the hands of the defenders. 

TAC already has seen widespread adoption with enterprises such as Bank of America, BlackRock, BNY, Citi, Goldman Sachs, JPMorgan Chase, Morgan Stanley and US Bank, as well as Cisco, Cloudflare, CrowdStrike, iVerify, NVIDIA, Oracle, Palo Alto Networks, SpecterOps and Zscaler⁠ signing up. 

The capabilities are also being extended to regulatory and standards bodies, including the US Center for AI Standards and Innovation (CAISI) and the UK AI Security Institute (UK AISI), supporting the development of robust frameworks for AI-driven cybersecurity across financial services.

GPT-5.4-Cyber built for defensive security

GPT‑5.4‑Cyber is a model engineered specifically for defensive cybersecurity use cases within financial and enterprise environments.

It is optimised to support tasks such as vulnerability discovery, code analysis and incident response, where structured reasoning and auditability are essential.

Unlike general-purpose models, GPT‑5.4‑Cyber is designed to operate within tightly controlled, security‑constrained environments, enabling teams to trace complex logic chains, assess software behaviour and surface weaknesses earlier in the development lifecycle.

Its emphasis is firmly on defence over offence, aligning with the risk management priorities of financial institutions.

By embedding the model into cybersecurity workflows, OpenAI aims to help organisations reduce exposure and mitigate threats before they can be exploited at scale.

Industry leaders regard this shift as inevitable.

Lee Klarich, Chief Technology and Product Officer at Palo Alto Networks, says: “The release of the newest frontier AI models marks a turning point for cybersecurity.

“As a member of Anthropic’s Project Glasswing as well as OpenAI’s Trusted Access for Cyber programme, we’ve had a front row seat to the incredible advances of these models.

“Our early testing of Anthropic’s Claude Mythos Preview model reveals that frontier AI models are extraordinarily capable at finding vulnerabilities and generating corresponding exploits. 

“Perhaps more eye opening is their ability to find attack paths through vulnerability chaining and logic-based exposure.

“In the hands of defenders, this is incredibly valuable, but in the hands of attackers, these new capabilities, however guardrailed, won’t stay contained. Within months, advanced AI models with deep cybersecurity capabilities will become commonplace.

“We expect a deluge of vulnerabilities, a rise in Inside-Out Attacks and most significantly, a shift from AI-assisted to AI-driven attacks.”

Lee notes that organisations that have so far been “mostly protected” will effectively become exposed.

This reflects growing concern that AI is accelerating both sides of the cyber equation, heightening the urgency for defensive adoption.

Trusted Access for Cyber 

OpenAI is also scaling its TAC programme, a controlled initiative that gives vetted cybersecurity professionals secure access to advanced AI tools for defensive use.

The programme relies on identity verification and organisational validation to ensure that only trusted users can access higher-capability tools.

This enables security teams to use AI for research, vulnerability analysis and system hardening while maintaining strict safeguards.

“The top AI labs are building for defenders now,” says George Kurtz, CEO of CrowdStrike.

“CrowdStrike continues to lead the market in secure AI adoption, trusted by AI leaders and organisations of all sizes to accelerate the world's AI revolution.

“Thanks Sam Altman and Greg Brockman for your first frontier model purpose-built for defenders.”

His remarks underline the growing collaboration between AI developers and cybersecurity firms as defensive applications become a primary focus of frontier model deployment in fintech security.

Shift towards AI driven defence

OpenAI’s approach combines specialised models, controlled access and ecosystem support to strengthen cyber defence capabilities across financial services.

Alongside GPT-5.4-Cyber and the Trusted Access programme, the company is investing in security research and infrastructure protection efforts.

OpenAI had previously launched Codex Security to help defenders identify and fix vulnerabilities at scale.

The company notes: “Since the recent launch, Codex Security has contributed to over 3,000 critical and high fixed vulnerabilities, along with many more lower-severity fixed findings across the ecosystem.”

The direction reflects a broader industry shift towards AI-driven defence systems that identify and mitigate vulnerabilities earlier in the software lifecycle for financial applications.

As models become more capable, the emphasis is moving towards controlled deployment that balances innovation with security oversight.