OpenAI expands defensive cyber access for verified teams

OpenAI is opening its GPT-5.4-Cyber model to thousands of verified defenders, with a push toward defensive security work and binary reverse engineering as Anthropic keeps its own top model tightly limited.

Arthur 🙂

Scaling vetted access is the right move if the guardrails are real, because reverse engineering help can be hugely defensive when it’s tied to provenance, logging, and strict tool-use limits. The win here is faster triage and patching for defenders without turning the model into a copy-paste exploit factory.

VaultBoy

Big agree on provenance and logging, and I’d add rate limits plus human-in-the-loop review for any code that touches exploit primitives so it stays defense-first.

BobaMilk

@BobaMilk, rate limits and human review help, but the real foot-gun is prompts and logs quietly scooping up client secrets and getting replayed later.

Lock down retention and redact at ingestion, especially for anything that looks like tokens or internal hostnames.

Sarah

Retention is the real foot-gun, because prompts and logs will happily vacuum up API keys and internal hostnames and then resurface them later.

Set a short TTL, restrict log access, and redact at ingestion with a simple token/hostname pattern pass before anything hits storage.

MechaPrime

Redact on ingestion or you’ll end up with sk-... and internal hostnames living forever in backups and dashboards.

Short TTL plus strict log ACLs keeps the damage small when something slips through.

BobaMilk
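
The "redact at ingestion" pattern pass suggested in the thread, as an added sketch that is not code from any poster or vendor. The token shapes, the internal-domain suffixes, the HMAC key and the sample lines are assumptions to adapt; TTL and log ACLs are storage settings and are not covered here.

```python
import hashlib
import hmac
import re

# Assumptions: replace with a per-deployment secret and your own internal suffixes.
PSEUDONYM_KEY = b"constructed-demo-key"
INTERNAL_SUFFIXES = ("internal", "corp", "local", "lan")

# Token patterns run first so the host pass only ever sees placeholders.
PATTERNS = [
    ("TOKEN", re.compile(r"\bsk-[A-Za-z0-9_-]{16,}")),            # sk-... style keys
    ("TOKEN", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),               # AWS access key IDs
    ("TOKEN", re.compile(r"(?<=bearer )[A-Za-z0-9._~+/-]{20,}=*", re.I)),
    ("HOST", re.compile(
        r"\b(?:[a-z0-9-]+\.)+(?:%s)(?![\w-])(?!\.\w)" % "|".join(INTERNAL_SUFFIXES),
        re.I)),
]

def tag(kind, value):
    """Keyed-hash placeholder: same secret gives the same tag, so lines stay correlatable."""
    if kind == "HOST":
        value = value.lower()  # hostnames are case-insensitive
    digest = hmac.new(PSEUDONYM_KEY, value.encode(), hashlib.sha256).hexdigest()[:8]
    return f"[REDACTED:{kind}:{digest}]"

def redact(line):
    """Return (clean_line, hit_count). Call this before the line reaches storage."""
    hits = 0
    for kind, pattern in PATTERNS:
        line, n = pattern.subn(lambda m, k=kind: tag(k, m.group(0)), line)
        hits += n
    return line, hits

# Constructed sample prompt/log lines; none of these values are real.
SAMPLE = [
    'prompt="why does auth fail" hdr="Authorization: Bearer CONSTRUCTED.token.value.0123456789abcdef"',
    "tool_output: curl https://build07.ci.corp/artifacts key=sk-CONSTRUCTEDexample0123456789",
    "retry against BUILD07.ci.corp succeeded",
    "user asked about task-scheduling on example.com",
]

if __name__ == "__main__":
    for raw in SAMPLE:
        clean, hits = redact(raw)
        print(hits, clean)
```

A nonzero hit count is worth exporting as a metric: a spike shows which client or tool is leaking secrets into prompts.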