OpenAI released a cybersecurity plan in the AI era for government structures and critical infrastructure

On April 29, 2026, OpenAI published its Cybersecurity in the Intelligence Age plan and proposed not locking powerful AI tools within a narrow circle of players, but rather quickly transferring them to verified defenders. The company's logic is simple: malicious actors will use AI anyway, so the winner is not the one who holds models under lock and key longer, but the one who strengthens defense faster.

Five Pillars of the Plan

OpenAI believes that cybersecurity is entering a new stage. The same models that help find vulnerabilities, accelerate patches, and automate defense are already being used in attacks: for phishing, reconnaissance, malware development, and bypassing security systems. However, the problem is not only in the models themselves. The digital environment is already overloaded with legacy systems, uneven updates, insecure software, and vulnerabilities in open source dependencies. Against this backdrop, the company compiled its response in five directions:

• expand access to AI tools for defenders
• establish coordination between government, industry, and AI laboratories
• strengthen protection of frontier models themselves and sensitive knowledge around them
• maintain visibility and control over how such models are deployed and used
• provide ordinary users with tools for personal digital protection

OpenAI's key idea is neither complete openness nor strict containment, but "controlled acceleration." The company explicitly states that advanced models for cyber tasks will almost certainly spread more widely over time, so the question is no longer whether they will reach different players, but whether democratic institutions will have time to turn the current technological advantage into a sustainable defensive advantage. Otherwise, defenders will be chasing the attack market rather than getting ahead of it.

Who Will Get Access

The main mechanism in the plan is called Trusted Access for Cyber, or TAC. It is a tiered access program to more powerful and more "permissive" models for legitimate defensive work. Access levels will depend on trust in the user, their tasks, and the scale of defensive impact. In other words, the more powerful and sensitive the tool, the stricter the verification, security requirements, monitoring, and terms of use. The goal is to eliminate unnecessary friction for defensive work, but not to open the door to destructive scenarios.

Initially, OpenAI wants to scale TAC to several groups. Priority is given to defenders in federal, regional, and local government agencies, as well as large players who can protect thousands and millions of end users: security platforms, hyperscaler providers, infrastructure companies, software supply chain defenders, and critical infrastructure operators. Separately, the company highlights the financial sector as one of the main targets for sophisticated attacks. For smaller hospitals, school districts, water utilities, municipalities, and local operators, access is offered through trusted intermediaries—MSSPs, industry organizations, major vendors, and CISA-supported programs. Later, they plan to expand this framework to U.S. allies.

"Cybersecurity is teamwork."

Opening access is not enough if the market lacks a common framework for threat sharing. Therefore, the second part of the plan is dedicated to coordination between government, industry, and AI laboratories: a common threat model, rapid exchange of operational intelligence on attacks, selection of the most important sectors and use scenarios, and use of existing government channels for response. OpenAI separately emphasizes that no single laboratory sees the full picture of misuse, so coordination between laboratories becomes not a supplement but a mandatory part of defense.

How Defense Will Be Strengthened

The third and fourth parts of the plan concern OpenAI itself and the rules for deploying such systems. The company promises to more strictly protect models, weights, sensitive environments, and internal knowledge from leaks, theft, unauthorized copying, and distillation. The list of measures includes stricter access control, segmentation of sensitive environments, expanded monitoring, protection of software and hardware supply chains, and enhanced control over privileged access and insider risks.

To verify its resilience, OpenAI plans to more actively engage external teams and reminds of its expanded partnership with Microsoft on collective defense. At the deployment level, the company is betting on a risk-oriented model. For ordinary users, basic protective measures are maintained: model behavior restrictions and automatic system checks.

For trusted users with mission-critical tasks, access will be multilayered: with identity verification, legal confirmations, basic security obligations, misuse reporting, and additional monitoring. If risk increases, OpenAI retains the right to quickly tighten restrictions, reduce limits, require re-authentication, downgrade access level, or revoke it entirely.

The fifth part concerns the mass user. According to the company, ChatGPT users are already sending over 15 million messages per month asking to verify if something is fraud. OpenAI wants to develop this scenario further: help people recognize suspicious messages, set up stronger passwords and MFA, respond to breaches, and recover faster from fraud or account compromise. In the coming days, the company also promises new security features for ChatGPT accounts to make basic digital hygiene simpler and more accessible.

What This Means

OpenAI has publicly taken a position for selective expansion of access, rather than a model where powerful cyber tools remain with a few select organizations. If this approach works, AI defense will become not a niche service for experts, but an infrastructure layer for the state, clouds, developers, and ordinary users. If not, the debate over who can be trusted with frontier models and on what terms will only intensify.