Microsoft and OpenAI announce a deeper cybersecurity partnership through OpenAI’s Trusted Access for Cyber, giving Microsoft’s CISO and defense teams access to OpenAI’s cyber-capable models to bolster protection across cloud, identity, productivity, and frontier AI.

The collaboration is framed amid rising AI threats, with OpenAI noting that AI models are raising the security bar for everyone.

Microsoft will apply its cybersecurity infrastructure and expertise, including its Secure Future Initiative, to protect OpenAI’s systems, models, and shared customers.

Financial terms and timeline for the deal were not disclosed.

Industry context includes debates about the realism of model-based cyber capabilities and comparisons between proprietary and open-source models in security applications.

OpenAI has strengthened defensive cybersecurity since late last year, including the Cybersecurity Grant Programme and Codex Security, helping fix over 3,000 critical/high-severity vulnerabilities and supporting more than 1,000 open-source projects with free security scanning.

OpenAI’s cybersecurity strategy emphasizes three principles: expanding defender access, deploying systems iteratively, and investing in ecosystem resilience.

OpenAI released GPT-5.4-Cyber, a cyber-focused variant, and demonstrated it to federal cyber defense practitioners, following an event in Washington.

The collaboration and related initiatives reflect a broader industry push to strengthen defense against AI-driven cybersecurity threats across platforms and services.

The deal sits at the commercial end of frontier AI tooling and raises questions about expanding Trusted Access for Cyber to mid-market organizations with open-source risk but limited defense budgets.

OpenAI has committed $10 million in API credits through its Cybersecurity Grant Programme to accelerate adoption among security teams and extend frontier model access to under-resourced defenders, with support from security institutes for independent evaluations.

Trusted Access for Cyber is an identity-based, tiered program that ensures deployment of advanced cyber tools to vetted users and aims to scale to thousands of verified defenders and hundreds of teams across finance, cloud, and security.