OpenAI reportedly developing standalone cybersecurity tool

OpenAI is reportedly shifting its cybersecurity focus from passive safety guardrails to active, standalone defense tools. This evolution follows the company’s recent launch of “Trusted Access for Cyber” and the acquisition of AI security firm Promptfoo in March 2026.

Rather than a single consumer app, OpenAI’s “standalone” cybersecurity strategy appears to be a tiered ecosystem designed to put frontier reasoning models like GPT-5.3 Codex directly into the hands of professional defenders.

1. Trusted Access for Cyber: The Identity Layer

On February 5, 2026, OpenAI launched Trusted Access for Cyber, an identity-verified framework that effectively removes “safety friction” for legitimate security researchers.

• Verified Defense: Security professionals who verify their identity at chatgpt.com/cyber can access more permissive versions of OpenAI models. These models are less likely to “refuse” requests to analyze malware or find vulnerabilities in code when used for defensive patching.
• $10 Million Grant: To support this, OpenAI committed $10 million in API credits specifically for cyber defense teams and open-source security projects.
• Autonomous Reasoning: The pilot uses GPT-5.3 Codex, which OpenAI describes as their “most cyber-capable model,” able to work autonomously for hours to remediate complex vulnerabilities.

2. The Promptfoo Acquisition: Native Red-Teaming

In March 2026, OpenAI acquired Promptfoo, a popular AI security platform used by 25% of Fortune 500 companies. This acquisition is the engine behind OpenAI’s standalone security evaluation tools.

• Project Frontier Integration: Promptfoo’s technology is being integrated into OpenAI Frontier, a platform for building enterprise “AI coworkers.”
• Automated Red-Teaming: The tool allows enterprises to automatically test their own AI agents for prompt injection, jailbreaks, and data leaks before they are deployed.
• Open Source Commitment: OpenAI has pledged to keep the core Promptfoo CLI open-source, allowing the wider developer community to continue using the evaluation library for free.

3. “Project Cyber”: The Rumored Standalone Suite

While not yet officially named, industry leaks suggest a forthcoming standalone product (internally referred to as Project Cyber) that would compete directly with Microsoft Sentinel and Google’s Mandiant.

4. Strategic Context: Defense vs. Offense

OpenAI’s push into standalone security tools is a response to the “democratization of hacking” enabled by early LLMs.

• The “Malicious Use” Report: In its February 2026 report, OpenAI detailed how it disrupted multiple state-sponsored threat actors who were using AI to “socially engineer” targets and debug malicious scripts.
• Defense-First Mandate: OpenAI’s board has reportedly mandated that for every “capability leap” in GPT models, a corresponding “defensive leap” must be released to prevent a massive imbalance in global cyber power.

5. Collaboration with the “Department of War”

On March 2, 2026, OpenAI reached a historic agreement with the U.S. government to deploy these advanced cyber systems in classified environments.

• Cloud-Only Safety: The security tools are deployed via a private cloud where OpenAI retains “full discretion” over the safety stack.
• Strict Red Lines: The contract explicitly bans the use of OpenAI cyber tools for autonomous lethal weapons or domestic surveillance, focusing instead on infrastructure protection.

“We want the people defending the United States and global infrastructure to have the best tools,” an OpenAI spokesperson noted. “Cybersecurity is one of the clearest places where AI progress can meaningfully strengthen the baseline of human safety.”