OpenAI is telling the world that its next wave of models could be powerful enough to count as a “high” cybersecurity risk, and it wants to set expectations before they ship.
📌 Key Takeaways
- OpenAI says upcoming frontier models are likely to hit “high” cybersecurity risk on its internal scale.
- Future systems could help craft zero-day exploits and support complex industrial or enterprise intrusions.
- The company is building defensive tools like Aardvark, plus stricter access, monitoring and egress controls.
- A new Frontier Risk Council will bring outside cyber experts into ongoing model and policy decisions.
- The warning lands amid “code red” pressure to beat rival models, sharpening the speed versus safety tension.
OpenAI Flags “High” Cyber Risk From Its Next Frontier Models
In a fresh security warning, OpenAI says the cyber capabilities of its most advanced models are climbing so fast that future releases are “likely” to be classified as high risk for cybersecurity.
The company’s internal Preparedness Framework rates model risk across domains such as cybersecurity and biosecurity. “High” is the second highest tier, just below “critical,” where a model would be considered too dangerous for broad public release.
From Code Assistant To Zero-Day Co-Pilot
OpenAI’s new warning is explicit about what might change. Upcoming systems could plausibly generate working zero-day remote exploits against hardened targets, or help plan sophisticated intrusions into enterprise and industrial networks.
That shift is not hypothetical. In internal capture-the-flag exercises, one current model scored 27%, while a newer variant jumped to 76% on similar hacking challenges, highlighting how fast offensive capabilities are improving with each iteration.
— Fouad Matin, Head of Cybersecurity, OpenAI
That “extended periods” point matters because autonomous agents that can keep running, retrying and adapting on their own are far better suited to brute-force attacks, credential stuffing and large-scale vulnerability scanning.
Defensive Cyber Tools, Tighter Controls And A Frontier Risk Council
OpenAI is trying to position these models as net positives for defenders, not only new weapons for attackers. The company says it is investing heavily in workflows that help security teams audit code, locate vulnerabilities and patch systems faster.
One example is Aardvark, a still-private tool that lets vetted developers point the model at their own software and infrastructure to uncover security gaps. OpenAI says Aardvark has already surfaced critical vulnerabilities in external products during testing.
— OpenAI risk report on upcoming models
To reduce misuse, the company outlines a stack of safeguards that includes stricter access controls, hardened infrastructure, egress filters and continuous monitoring of how powerful tools are used.
A new tiered access program will reserve the most capable features for vetted cyber defense teams. OpenAI also plans to create a Frontier Risk Council, bringing seasoned security practitioners into regular contact with its technical and policy leads.
The council will start with cyber threats, then expand to bioweapons and other high-risk areas as models advance.
Safety Frameworks Under Pressure From The AI Arms Race
This is not the first time OpenAI has warned that its own roadmap could cross a line. Earlier this year, the company said future systems are likely to increase bioweapons risk, and updated its Preparedness Framework to cover self-replication and concealment behaviours.
External researchers and governments have been raising similar alarms, arguing that generative AI is already boosting phishing, deepfake and intrusion capabilities, even before models hit OpenAI’s high risk bar for cybersecurity.
At the same time, reporting suggests OpenAI is internally in a kind of “code red” as it races to keep pace with rival systems. Staff have been pushed to move faster on new ChatGPT versions using more user-generated feedback.
That tension sits at the heart of this latest warning. OpenAI is openly telling regulators and customers that some of the very capabilities it is racing to develop could also make real-world cyber incidents easier to launch, automate and scale.
What This Means For Companies And Security Teams
For enterprises, the message is twofold. First, offensive cyber capabilities are on track to become more accessible, even to relatively low-skill attackers who can lean on powerful models and agentic tooling.
Second, the same technologies may soon underpin a new generation of defensive scanners and response systems. Security leaders will have to decide how comfortable they are plugging high-capability models into sensitive environments, even with vendor safeguards.
Questions around logging, data retention, prompt injection, insider abuse and regulatory expectations will only grow as “high” risk models mature. For policymakers, the warning adds weight to calls for clearer rules on AI-enabled cyber operations.
If model providers know they are building systems that can find and weaponise zero-days, pressure will rise for transparency, independent evaluation and coordinated disclosure channels that protect defenders first.
Conclusion
OpenAI is effectively telling the world that the next frontier models will not just answer coding questions; they could meaningfully change the balance of power in cybersecurity, for both attackers and defenders.
By framing upcoming systems as “high” risk before they launch, and tying them to new safeguards, councils and tooling, the company is trying to show it understands the stakes.
Whether that is enough will depend on how those models are actually deployed, and how quickly the rest of the security ecosystem adapts to AI that can probe, break and help fix the internet at scale.
11th December 2025