OpenAI is finalising a specialised cybersecurity AI product that will not be available to the general public. According to a report by Axios published on April 9, 2026, the San Francisco-based company plans to release this model to a small, hand-picked group of technology and cybersecurity companies through its existing “Trusted Access for Cyber” pilot programme. The move comes just days after rival Anthropic announced a similar restricted rollout of its own powerful cyber model, Claude Mythos.
The product is built on GPT-5.3-Codex, OpenAI’s most capable reasoning model for cybersecurity tasks to date. Unlike its standard ChatGPT products, this tool is designed to autonomously find and potentially exploit software vulnerabilities — capabilities that OpenAI itself considers too risky to hand over without vetting. The Trusted Access for Cyber programme, launched in February 2026, already comes with $10 million in API credits committed to vetted participants.
What This Means for India
India’s cybersecurity market is growing fast — and so are its attack surfaces. With millions of smart meters being deployed, data centres coming up in Pune and Hyderabad, and UPI processing billions of daily transactions, the stakes of a major cyberattack on critical infrastructure have never been higher. OpenAI’s Trusted Access for Cyber programme currently accepts vetted global partners. Indian cybersecurity firms — Think Lucideus, TAC Security, or Quick Heal Technologies — could potentially qualify. No Indian outlet has asked this question yet. For a country with the world’s largest digital public infrastructure, getting early access to AI tools that can autonomously find vulnerabilities before attackers do is not just a tech story. It is a national security conversation.
Key Details at a Glance
- OpenAI is finalising a new cybersecurity AI product — separate from its upcoming flagship model codenamed “Spud” — to be released only to select vetted partners, not the public.
- The product runs on GPT-5.3-Codex, OpenAI’s current top-tier reasoning model, which can work autonomously for hours on complex tasks like finding code vulnerabilities.
- Distribution will flow through the existing “Trusted Access for Cyber” pilot, which OpenAI launched on February 5, 2026, with $10 million in API credits for participants.
- Anthropic announced its own restricted cyber model — Claude Mythos Preview — just days earlier, making OpenAI’s move a direct competitive response. Both companies are now adopting a “responsible disclosure” model borrowed from traditional cybersecurity practice.
- OpenAI also acquired cybersecurity startup Promptfoo in March 2026, and rebranded its earlier “Aardvark” tool as Codex Security — meaning this new product is the third cybersecurity move OpenAI has made in under 60 days.
What Happens Next
OpenAI has not announced a public launch date or named any confirmed partners for the new cybersecurity model as of April 10, 2026. Industry experts at SANS Institute and Palo Alto Networks have warned that regardless of gated releases, autonomous hacking capabilities are already broadly replicable — meaning the responsible disclosure window is weeks, not months. Eyes in the security community are now on OpenAI’s next flagship model, codenamed “Spud,” to see whether it carries similar capabilities and faces the same distribution restrictions.
FAQs
What is OpenAI’s new cybersecurity AI product?
OpenAI is building a specialised cybersecurity AI model powered by GPT-5.3-Codex that can autonomously identify software vulnerabilities. Unlike its regular products, this will only be released to a small group of vetted technology and cybersecurity companies through its Trusted Access for Cyber programme — not available to the general public.
How is OpenAI’s cybersecurity AI different from Anthropic’s Claude Mythos?
Both OpenAI and Anthropic are taking the same restricted-release approach for their most powerful cyber-capable models, but the products are different. Anthropic’s Claude Mythos Preview was announced slightly earlier and focuses on identifying software vulnerabilities at scale. OpenAI’s product is still being finalised and will distribute through its existing Trusted Access for Cyber partner framework.
Can Indian companies get access to OpenAI’s cybersecurity model?
OpenAI has not published a country-specific eligibility list for the Trusted Access for Cyber programme. However, the programme is open to vetted global technology and security firms. Indian cybersecurity companies that meet OpenAI’s trust and identity verification criteria could potentially apply — though OpenAI has not confirmed any Indian partners as of April 10, 2026.