OpenAI issued an important advisory in early December, warning that its next-generation artificial intelligence models will likely reach “high” cybersecurity risk levels, a classification indicating they could enable large-scale cyberattacks against well-defended systems.
This warning represents a critical inflection point in AI development, which points to the emergence of dual-use capabilities that simultaneously empower both defenders and potential attackers.
The Risk Assessment: What OpenAI is warning against
OpenAI’s concern is grounded in measurable capability acceleration. Models demonstrated extraordinary advances on capture-the-flag (CTF) security benchmarks, jumping from 27% accuracy on GPT-5 in August 2025 to 76% on GPT-5.1-Codex-Max by November 2025, a 49-percentage-point gain in just three months.
This trajectory suggests future models will cross OpenAI’s “High” capability threshold, defined within the company’s Preparedness Framework as systems capable of amplifying existing pathways to severe harm.
Operationally, OpenAI identified two specific attack vectors of concern. One, models could develop working zero-day remote exploits against well-defended systems; and two, models could meaningfully assist with complex, stealthy enterprise and industrial intrusion operations aimed at delivering real-world results.
These capabilities matter because extended autonomous operation, which enables models to function for hours without human intervention, creates conditions favorable to persistence-based tactics such as brute-force attacks. While such attempts remain detectable in defended environments, the combination of scale, speed, and sophistication fundamentally expands the threat surface.
OpenAI’s Risk Framework and strategic response
OpenAI operationalizes risk management through its updated Preparedness Framework, which distinguishes between two capability thresholds. “High” capabilities that amplify existing harm pathways and the second-highest level below the “Critical” capabilities that introduce unprecedented new and threatening ones.
The framework mandates that covered systems reaching “High” capabilities must have sufficient safeguards before deployment. Rather than waiting for future models to demonstrate high capability in production, OpenAI states it is “planning and testing future systems as if each new model could reach that level.”
The company’s mitigation strategy follows a defense-in-depth architecture rather than relying on any single control category.
Additionally, beyond technical controls, OpenAI is establishing two major institutional mechanisms. The Frontier Risk Council will bring experienced cyber defenders and security practitioners into regular collaboration with OpenAI’s teams, initially focused on cybersecurity before expanding to other frontier domains.
Simultaneously, the company is testing Aardvark, an AI-powered vulnerability discovery tool now in private beta. Early trials have already identified critical security flaws, and OpenAI plans free coverage for open-source projects, creating a constituency of defenders with vested interest in the tool’s effectiveness.
Broader industry context and implications
OpenAI’s warning reflects an industry-wide challenge rather than an isolated concern. Anthropic similarly escalated safety protocols when releasing Claude Opus 4, categorizing it at AI Safety Level 3 under its Responsible Scaling Policy, a first for the company due to model capabilities spanning dangerous thresholds including weapons development assistance and AI R&D automation.
This convergence across leading AI labs indicates the cybersecurity risk trajectory is systemic to current advancement in the intersection of AI and cybersecurity.
Additionally, there are implications for enterprise cybersecurity teams and they are substantial. AI makes cyberattacks easier and cheaper to carry out, even for less-skilled attackers. Because these attacks can then run nonstop at very low cost, defending against them becomes more expensive and difficult as it creates structural pressure on defensive economics.
