Skip to main content
OpenAI

Request OpenAI Pilot: Trusted Access For Cyber

Trusted Access for Cyber enables vetted enterprise customers and cybersecurity practitioners to use our most capable models for dual-use cybersecurity work. We view these capabilities as powerful force multipliers for network defenders, while recognizing that malicious actors may seek to exploit the same tools to increase the scale and sophistication of their operations.

Trusted Access for Cyber mitigates this risk by requiring members to provide additional identification and professional use-case information. While these measures are not expected to prevent all potential misuse, they work in combination with our existing cyber safeguards to meaningfully reduce the risk of harm, enabling us to make higher-risk, higher-impact capabilities available to a broader community of defenders.

Requirements to join:

  • Accurate completion of this application in its entirety; inaccurate or incomplete information may result in delays or failure to onboard
  • Willingness to provide additional information or clarifications requested by OpenAI prior to and following access

Customer / Entity Details

A. Organization identification

Click here(opens in a new window) to find yours.

B. Primary point of contact (submitting individual)

C. Relationship with OpenAI

Professional Use Case

D. How do you plan to leverage Trusted Access to Cyber?

Legal terms and attestations

Trusted Access for Cyber Participant Addendum

These Trusted Access for Cyber Terms (these “Terms”), together with the intake responses and attestations submitted through the intake form at https://openai.com/form/enterprise-trusted-access-for-cyber/ or attached hereto (the “Intake Form” and collectively with the Terms, the “TAC Addendum”), form part of the Services Agreement between OpenAI and the entity named in the Intake Form (“Customer”), and govern Customer’s access to models made available to Customer through the Trusted Access for Cyber (“TAC”) program. "Services Agreement" means either (a) if the Customer and OpenAI already have a signed agreement for OpenAI Services, that existing written agreement with OpenAI or an OpenAI Affiliate, together with any applicable service terms, data processing addendum, policies, and other incorporated documents; or (b) if Customer and OpenAI do not already have a signed agreement for the Services, then the OpenAI Services Agreement available at https://openai.com/policies/services-agreement/ or any subsequently negotiated agreement for Services. To participate in TAC, Customer must submit the information in the Intake Form and receive approval from OpenAI. 

  1. Representations and Warranties. Customer represents and warrants that the information in the Intake Form is true and correct in all respects, and Customer will notify OpenAI if there are any material changes to the information submitted in the Intake Form during the term in which TAC is used. Customer acknowledges and agrees that provision of false or misleading information in the Intake Form, or any failure to notify OpenAI in writing if any information provided in the Intake Form has changed or is no longer complete and accurate, will constitute a material breach of the TAC Addendum and the Agreement.

  2. Approved Use Cases. Participation in TAC comes with heightened responsibility. Access to advanced cyber capabilities is granted only for legitimate, defensive, and authorized security purposes (“Approved Use Cases”). Approved Use Cases are intended to enable real-world security testing, vulnerability research, and defensive readiness and do not include uses that may cause harm, disruption, or unauthorized access. Customer is only authorized to use TAC to enable its own employees to engage in Approved Use Cases and only in compliance with OpenAI’s usage policies at: https://openai.com/policies/usage-policies/⁠, as well as OpenAI’s Cyber Abuse Policy.

  3. Cyber Abuse Policy. We disallow use of our Services to facilitate Cyber Abuse. “Cyber Abuse” means unauthorized access, exploitation, credential theft, data exfiltration, malware or destructive capabilities, social engineering, evasion, lateral movement, denial-of-service activity, or assistance to any sanctioned entities or identified malicious cyber actors.  This does not prohibit benign defensive, educational, research, privacy-protective, incident response, or authorized security testing uses, including malware or vulnerability analysis, responsible disclosure, and red-team planning, so long as the activity does not enable real-world harm, target live systems without authorization or provide actionable assistance for abuse.

  4. Approved Access Credentials. “Approved Access Credentials” are, collectively, the Org ID, API keys, and specific end user IDs approved by OpenAI for any Approved Use Case. Customer may only make TAC access available to its employees with a valid need to access TAC, and Customer is responsible for all activities that occur using the Approved Access Credentials. Customer may not (a) share or otherwise make the Approved Access Credentials available to third parties, or (b) share or sell access to the capabilities provided under the Approved Access Credentials to third parties without OpenAI’s express prior written consent. Customer must immediately notify OpenAI if it becomes aware of or reasonably suspects unauthorized access or use of Approved Access Credentials, including any use of TAC for a purpose that is not an Approved Use Case.

  5. Additional Actions. OpenAI will have the right to take any action it deems necessary, in its sole discretion, to preserve the safety, security and integrity of the Services or its business, including, without limitation, suspending or terminating Customer’s access to TAC without refund, requiring additional documentation or assurances to permit continued TAC, conditioning TAC use on Customer’s acceptance of additional requirements or limitations, and pursuing all legal and equitable remedies permitted by applicable laws.

  6. Indemnification. Notwithstanding anything to the contrary in the Services Agreement, unless Customer is a government entity prohibited by law from agreeing to this Section, Customer will indemnify, defend, and hold OpenAI and its affiliates harmless against any liabilities, damages, and costs (including reasonable attorneys’ fees) payable to a third party arising out of any use of the Approved Access Credentials in violation of this TAC Addendum. Limitations on liability in the Services Agreement do not apply to this TAC Addendum.

If OpenAI approves you for Government Trusted Access for Cyber ("GTAC"), the following additional terms apply.

  1. GTAC access is intended only for approved users performing lawful, authorized defensive cybersecurity work supporting an approved government mission, government environment, or government-validated protected infrastructure. 

  2. Consistent with the OpenAI Usage Policies, GTAC may not be used for offensive operations, gaining unauthorized access, malware deployment or improvement, credential theft, phishing, data exfiltration, sabotage, or denial-of-service activity.

  3. GTAC is not available for general corporate security, commercial product development, resale, proxying, embedding, customer-facing product traffic, downstream third-party use, or other work outside the approved GTAC scope. Contractors, defense industrial base companies, integrators, cybersecurity vendors, and other non-government entities may use GTAC only to support the approved GTAC scope.


  1. I have reviewed the Intake Form and I declare and confirm that the information provided is accurate and complete to the best of my knowledge and belief after due inquiry and reasonable diligence.

  2. I have requisite authority to sign this form on behalf of the Customer and have obtained all internal approvals required to pursue TAC.

  3. I will notify OpenAI in writing immediately if I learn that any information in this Intake Form is not, or is no longer, accurate and complete.

  4. Customer agrees to the legal terms in this Intake Form, which are hereby incorporated into the Service Agreement.


Note: After submitting, you’ll complete a brief verification step to confirm your identity, including a government ID check and providing basic business information.