OpenAI Selects Zafran for Trusted Access for Cyber

Last week, we shared that Zafran was selected for Anthropic's Cyber Verification Program, giving our platform verified access to Anthropic's advanced cyber-defense capabilities. That selection reflected a simple conviction: the same frontier models that let defenders audit the world's most important code also hand attackers an autonomous exploit factory, so defenders need early, verified access to those capabilities to prepare protections before a flaw goes public.

Today we are deepening that strategy. OpenAI has selected Zafran for its Trusted Access for Cyber (TAC) program. Our platform now draws on two of the most capable frontier AI labs in the world, and the cyber-specialized capabilities each provides, to protect the organizations that millions of people depend on.
‍

What Trusted Access for Cyber is

Trusted Access for Cyber is OpenAI's identity and trust-based framework for putting frontier cyber capabilities in the hands of verified defenders while continuing to block requests that could enable real-world harm. Once defenders are vetted and approved, they receive lower classifier-based refusals on authorized cybersecurity work, including vulnerability identification and triage, malware analysis, binary reverse engineering, detection engineering, and patch validation, while safeguards still stop activity like credential theft, persistence, and exploitation of third-party systems.

For most defensive work, GPT-5.5 with Trusted Access for Cyber is OpenAI's recommended model, carrying more precise safeguards for verified work in authorized environments while preserving the model's broad strengths and safety posture. Independent testing reported by Axios put GPT-5.5 roughly on par with Mythos, with the UK's AI Security Institute finding it among the strongest models it has tested on multi-step intrusion simulations.

For Zafran, selection means our platform is gaining verified access to GPT-5.5 with Trusted Access for Cyber, and our participation in the program lets us take full advantage of those capabilities to advance how the platform defends our customers.
‍

Why this matters for the organizations we defend

Zafran protects many of the largest critical infrastructure organizations in the country, including Fortune 50 financial and healthcare institutions, along with utilities and other operators of the systems people rely on every day. These are the environments where the patch-to-deploy gap is most dangerous. The window between a patch becoming public and a working exploit appearing has collapsed to hours, while deploying that patch across a regulated, legacy-heavy environment still takes weeks or months.

Frontier models widen that gap from both ends. They surface critical vulnerabilities at a volume the existing security infrastructure was never built to absorb, and in the wrong hands they compress the time from disclosure to weaponized exploit even further. Threat actors are already experimenting with these models. The defenders who win are the ones standing on the same frontier, with the same caliber of tooling, applied to protection rather than attack.

That is the principle behind our selection for TAC. We are fighting AI with AI. When attackers reach for frontier models to find and weaponize flaws faster, Zafran reaches for the same class of models to find and close those flaws first.
‍

What changes for our customers

The Zafran platform was built for this moment. Our Exposure Graph maps every vulnerability finding to the compensating controls already present in an environment, so when a new disclosure lands we can tell a security team which assets are exposed, which are already protected by existing defenses, and where the real gaps are. The Zero Day Agent runs that loop continuously, assessing exploitability against an organization's actual risk context and routing mitigation and remediation through the ticketing tools teams already use.

Full participation in TAC lets us put that frontier capability to work across the platform. Across vulnerability triage, malware analysis, binary reverse engineering, and patch validation, the model lets us reason about compiled and third-party software that teams cannot easily inspect, broadening the set of exposures we can assess and act on. Verified access means we are advancing detection and mitigation against frontier capabilities as they evolve, rather than scrambling once they are widely available and in adversary hands.

The practical result for customers is a shorter exposure window, mitigation that starts before a patch is available, and a clear, business-level answer to the question every board is now asking: are we exposed, and what are we doing about it.
‍

A durable advantage for defenders

Both Anthropic and OpenAI have framed their goal as a lasting advantage for defenders. We share that aim, and our selection for both labs' programs is how we make it real for the organizations we serve. Cheap, fast, capable cyber models are arriving within months, and many will reach attackers without the safeguards that keep them from being misused. The organizations that have built continuous, mitigation-first, automated programs before that happens will be the ones still standing when AI-powered exploitation becomes routine.

Being trusted by both Anthropic and OpenAI to wield frontier cyber capabilities for defense is a step toward securing that advantage for the critical infrastructure operators who count on us. We will share more as these programs develop.