OpenAI says the cyber capabilities of its frontier AI models are accelerating and warned Wednesday that upcoming models are likely to pose a “high” risk, according to a report shared first with Axios.
Why it matters: The models’ growing capabilities could significantly expand the number of people able to carry out cyberattacks.
Driving the news: OpenAI said it has already seen a significant increase in capabilities in recent releases, particularly as models are able to operate longer autonomously, paving the way for brute force attacks.
- The company notes that GPT-5 scored 27% on a capture-the-flag exercise in August, while GPT-5.1-Codex-Max was able to score 76% last month.
- “We expect that upcoming AI models will continue on this trajectory,” the company says in the report. “In preparation, we are planning and evaluating as though each new model could reach ‘high’ levels of cybersecurity capability as measured by our Preparedness Framework.”
Catch up quick: OpenAI issued a similar warning relative to bioweapons risk in June, and then released ChatGPT Agent in July, which did indeed rate “high” on its risk levels.
- “High” is the second-highest level, below the “critical” level at which models are unsafe to be released publicly.
Yes, but: The company didn’t say exactly when to expect the first models rated “high” for cybersecurity risk, or which types of future models could pose such a risk.
What they’re saying: “What I would explicitly call out as the forcing function for this is the model’s ability to work for extended periods of time,” OpenAI’s Fouad Matin told Axios in an exclusive interview.
- These kinds of brute force attacks that rely on this extended time are more easily defended against, Matin says.
- “In any defended environment this would be caught pretty easily,” he added.
The big picture: Leading models are getting better at finding security vulnerabilities — and not just models from OpenAI.
- As a result, OpenAI says it has been stepping up efforts to work across the industry on cybersecurity threats, including through the Frontier Model Forum that it started with other leading labs in 2023.
- The company says it will establish a separate Frontier Risk Council, an advisory group that will “bring experienced cyber defenders and security practitioners into close collaboration” with OpenAI’s teams.
- It’s also in private testing for Aardvark, a tool that developers can use to find security gaps in their products. Developers have to apply to gain access to Aardvark, which has already found critical vulnerabilities, OpenAI said.
Source: Axios