Trusted Access for Cyber is designed around a simple premise: advanced cyber capabilities should reach defenders broadly, but access should scale with trust, validation, and safeguards. Today we’re sharing the first organizations helping put that approach into practice, from open-source security teams and vulnerability researchers to enterprises operating some of the world’s most complex digital environments.
The strength of this approach comes from the breadth of defenders involved. Cybersecurity is a team sport, and the systems people rely on are protected by organizations of many kinds, from major enterprises and security vendors to researchers, maintainers, public institutions, nonprofits, and smaller teams with limited security resources.
Investing in the broader ecosystem
Not every organization has the benefit of a 24x7 security team who is able to respond to incidents when they are disclosed on a Friday night(opens in a new window). It’s important for all software developers to benefit from the advanced cybersecurity capabilities of frontier models, which is why we’ve committed $10 million in API credits through our Cybersecurity Grant Program.
Initial recipients include Socket(opens in a new window) and Semgrep(opens in a new window), which focus on software supply chain security, and Calif(opens in a new window) and Trail of Bits(opens in a new window), which pair frontier models with vulnerability research experts. We’re looking to partner with more teams that have a proven track record of identifying and remediating vulnerabilities in open source software and critical infrastructure systems—teams can apply here.
Building resilience together
The critical defenders joining this program protect digital infrastructure we all rely on, and will help us learn from real-world use, improve our safety systems, and make advanced defensive capabilities more useful across the ecosystem. These are firms that are already world-renowned for enterprise security leadership in their respective industries. The goal is to build the trust, verification, and accountability needed to make these tools available to the many defenders whose work keeps people, institutions, and critical systems safe.
Companies and organizations that have already signed up to support these efforts include Bank of America, BlackRock, BNY, Citi, Cisco, Cloudflare, CrowdStrike, Goldman Sachs, iVerify, JPMorgan Chase, Morgan Stanley, NVIDIA, Oracle, Palo Alto Networks, SpecterOps, US Bank, and Zscaler(opens in a new window).
We have also provided access to GPT‑5.4‑Cyber to the U.S. Center for AI Standards and Innovation (CAISI) and the UK AI Security Institute (UK AISI) so that they can conduct evaluations focused on the model’s cyber capabilities and safeguards.
We will keep expanding Trusted Access for Cyber as we learn, with safeguards that rise with capability and pathways that help legitimate defenders move faster. We want participants to push the frontier of defensive research, share what they discover, and help turn new insights into stronger protection for everyone. Cyber defense is a shared challenge, and this program should reflect the breadth of the people and organizations doing that work every day.
BNY CrowdStrike Cisco Citi NVIDIA Oracle Zscaler iVerify SpecterOps Cloudflare Palo Alto Networks
> “BNY is committed to helping protect the security and resilience of the financial system as AI capabilities accelerate. We are working closely with those at the forefront of enabling these efforts. Building on our ongoing collaboration with OpenAI, we are pleased to participate in their Trusted Access for Cyber program”
—Leigh-Ann Russell, Chief Information Officer and Global Head of Engineering
* 2026
Author
OpenAI