OpenAI Courts Banks in Trusted Access for Cyber Partner Push

Agentic AI , Artificial Intelligence & Machine Learning , Governance & Risk Management OpenAI Courts Banks in Trusted Access for Cyber Partner Push Bank of America, Citi and Goldman Anchor Partner Cohort for OpenAI's GPT-5.4-Cyber Michael Novinson (MichaelNovinson) • April 16, 2026     Share Post Share Credit Eligible Get Permission OpenAI unveiled a partner list for its Trusted Access for Cyber program that's more concentrated in financial services than the launch partners for Anthropic's Project Glasswing. See Also: AI Security Risks Rise With Agentic Systems Initial Trusted Access for Cyber partners include financial heavyweights like Bank of America, Black Rock, BNY, Citi, Goldman Sachs and Morgan Stanley, none of which are piloting Anthropic's Claude Mythos Preview. Anthropic instead focused its initial defensive artificial intelligence efforts on tech and infrastructure giants including AWS, Apple, Broadcom, Google and Microsoft, none of which are today part of Trusted Access for Cyber. Just four companies were announced as launch partners for both Claude Mythos Preview as well as OpenAI's GPT-5.4-Cyber: Cisco, CrowdStrike, JPMorganChase and Nvidia. As for cyber vendors, Palo Alto Networks is only a member of Project Glasswing, while iVerify, SpecterOps and Zscaler are only part of Trusted Access for Cyber. OpenAI gave API credits to supply-chain firms Socket and Semgrep (see: Claude Mythos Could Flood Vendors With Fixes They Deferred). "The critical defenders joining this program protect digital infrastructure we all rely on," OpenAI wrote. "These are firms that are already world-renowned for enterprise security leadership in their respective industries. The goal is to build the trust, verification and accountability needed to make these tools available to the many defenders whose work keeps people, institutions and critical systems safe." How Zscaler, CrowdStrike Gain From Trusted Access for Cyber Participating companies are expected to use GPT-5.4-Cyber across secure software development life cycle workflows, threat modeling, vulnerability discovery and incident response. Zscaler said it plans to integrate GPT-5.4-Cyber into its zero trust platform to accelerate vulnerability detection, automate remediation, detect, triage and mitigate vulnerabilities earlier, and patch security vulnerabilities faster. "GPT 5.4-Cyber is a key enabler to offer Security-as-a-Service to our developers throughout the SDLC process, from validating threat models in designs, to assisting with secure code reviews, finding vulnerabilities and executing black-box testing on built artifacts," Dhawal Sharma, Zscaler's executive vice president of AI security and strategic initiatives, wrote in a blog. CrowdStrike said access to GPT-5.4-Cyber will enhance its ability to prioritize exploitable risks using real-world threat intelligence, noting that attack timelines continue to shrink as adversaries automate operations. The company's agentic AI framework is multi-model by design and lets defenders choose the right model for each task while delivering enterprise-grade governance, according to CrowdStrike. "Frontier labs drive AI innovation. CrowdStrike delivers the intelligence, protection and governance to put it to work," CrowdStrike wrote. "OpenAI’s TAC gives CrowdStrike direct access to these capabilities, coupling them with proprietary threat intelligence and enforcement that only CrowdStrike has. As frontier AI advances across multiple labs simultaneously, CrowdStrike customers and partners benefit." Industry observers say the growing number of AI cybersecurity partnerships underscores the strategic importance of frontier models but also raises questions. Jeff Pollard, vice president and principal analyst at Forrester, said it's still unclear what participants gain from partnering with OpenAI or Anthropic, including whether partnerships involve data sharing, research commitments or financial contributions. "We don't know what these partnerships mean," Pollard told ISMG. "Does it just mean early access? Does it mean a combination of early access and the fact that these companies agreed to help fund some of the tokens and some of the API access for the open-source developers and others that OpenAI has talked about? Have they agreed to do research? Have they agreed to information sharing?" How Anthropic, OpenAI Initial Partner Picks Reflect Strategy Pollard said the mix of partners reflects differing strategies. OpenAI's focus on financial services firms aligns more closely with the challenges faced by the average CISO, particularly because of regulatory pressures and operational complexity. Meanwhile, Anthropic's focus on technology companies aligns with its developer-centric approach, emphasizing code security and software-driven environments. "A financial services org is probably closer to what an average CISO in the U.S. deals with than Anthropic or AWS or Microsoft or Google," Pollard said. "Those are just very, very different kinds of companies. And so I think the Trusted Access for Cyber, from an OpenAI perspective, probably cuts across a set of organizations that is more applicable to the average CISO than the Glasswing set of vendors does." The presence of Nvidia, JPMorgan Chase, Cisco and CrowdStrike in both ecosystems underscores their vital role in cybersecurity. Nvidia provides the compute backbone, J.P. Morgan represents an influential financial institution with a strong voice in software supply chain security, Cisco underpins large portions of network infrastructure, and CrowdStrike brings expertise in threat intelligence and incident response. "You can't really throw a rock without hitting an Nvidia partner," Pollard said. "So, when you're the company that's providing the underlying technology for all of this stuff, it's not too surprising that you're going to be a core partner for these types of use cases. So, that one doesn't surprise me." Anthropic's orientation toward developers positions it closer to the software creation layer, while OpenAI's partnership with Microsoft around Microsoft 365 and Copilot brings it into direct alignment with IT leaders and CISOs, Pollard said. The introduction of tools such as Codex has helped OpenAI build deeper bonds with developers, but the historical positioning still influences adoption patterns. "The Anthropic pool of partners in Glasswing, they're much more software focused," Pollard said. "But I think that's largely because when you look at those tech companies, every tech company is a code company at its core. And so it's not too much of a surprise that's where Anthropic would emphasize some of its capabilities." Agentic AI Artificial Intelligence & Machine Learning Governance & Risk Management Next-Generation Technologies & Secure Development Vulnerability Assessment & Penetration Testing (VA/PT) Share Post Share Credit Eligible Get Permission Previous Rethinking Cybersecurity for AI Speed in the Mythos Era Next CISA Warns of 'Detrimental Capacity Impacts' Amid Shutdown About the Author Michael Novinson Executive Editor, Business, ISMG Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021. You might also be interested in … AI or Data Governance? Gartner Says You Need Both ► Proof of Concept: Bot or Buyer? Identity Crisis in Retail ► A CISO’s Perspective on Scaling GenAI Securely