AI Security: Defenders' Trust in Verification Wins
Trusted access enables defenders through verification and accountability
OpenAI's blog post on Wednesday ditched the usual lofty pronouncements. It led with cash: a $10 million Cybersecurity Grant Program. The tone was that of an engineering report, listing version numbers like GPT‑5.3‑Codex and a tally of over 1,000 open-source projects scanned. Trust, the company now argues, is built from these concrete, verifiable actions.
We aim to enable as many legitimate defenders as possible, with access grounded in verification, trust signals, and accountability. - Defenses should be continually scaled with capability. As model capabilities increase, defenses need to scale alongside them.
We've seen steady improvements in agentic coding, which have direct implications for cybersecurity and we've adapted our approach in step. - We began cyber-specific safety training with GPT‑5.2, then expanded it with additional safeguards through GPT‑5.3‑Codex and GPT‑5.4, where we also classified the model as "high" cyber capability under our Preparedness Framework. In parallel, we increased support for defenders: launching a $10M Cybersecurity Grant Program, reached over 1,000 open source projects with Codex for Open Source(opens in a new window) which provides free security scanning, and continued to improve Codex Security.
That granular ledger does real work. It's a progress report for partners, sure. But it's also a direct rebuttal to regulators in Washington and Brussels who fear uncontrollable AI. Deploying free scanning tools and grant money hardens the ecosystem everyone uses—a strategic necessity, not pure philanthropy.
The model is pragmatic. Don't just lock powerful tools away. Instead, issue tracked keys to vetted defenders, and do it fast.
The entire, expensive gamble rests on one critical process: the vetting. Who gets a key, and who is left outside.
Common Questions Answered
How does OpenAI approach trusted access for cybersecurity defenders?
OpenAI aims to enable legitimate defenders through a carefully managed access model based on verification, trust signals, and accountability. The approach involves scaling defenses alongside increasing model capabilities, with a focus on cyber-specific safety training and controlled deployment.
What are the key principles behind OpenAI's defender access program?
The program is built on three core principles: democratized access, iterative deployment, and resilience. Thousands of verified defenders are expected to receive TAC (Trusted Access Credentials) access, with hundreds of teams preparing to join the initiative.
What challenges does OpenAI face in scaling cybersecurity defenses with AI?
The primary challenge is balancing broad access with system security, ensuring that defenders can effectively respond to threats without exposing critical systems to unnecessary risks. There are ongoing uncertainties about how the principles of verification and accountability will translate at a larger scale.
Further Reading
- Introducing Trusted Access for Cyber - OpenAI
- Generative AI and Zero Trust Security - Cloud Security Alliance
- Generative AI Security Checklist: 12 Essential Controls - Liminal
- Trusted AI: Key Principles - Salesforce