OpenAI Warns Upcoming AI Models Pose High Cybersecurity Risk

Key takeaways

The Microsoft-backed AI company said its frontier models' cyber capabilities are accelerating at an unprecedented pace.

Internal testing showed performance on cybersecurity tasks jumped from 27% on GPT-5 in August 2025 to 76% on GPT-5.1-Codex-Max in November 2025, according to a report shared exclusively with Axios.

Models could develop zero-day exploits

According to OpenAI's Preparedness Framework, models reaching "high" capability levels could either develop working zero-day remote exploits against well-defended systems or meaningfully assist with complex enterprise or industrial intrusion operations aimed at real-world effects.

"We expect that upcoming AI models will continue on this trajectory," OpenAI stated in a blog post published Wednesday.

"In preparation, we are planning and evaluating as though each new model could reach 'high' levels of cybersecurity capability."

In an exclusive interview with Axios, OpenAI's Fouad Matin explained the driving force behind these advances.

"What I would explicitly call out as the forcing function for this is the model's ability to work for extended periods of time," Matin said.

While this extended autonomy enables brute force attacks that could significantly expand the pool of potential attackers, Matin emphasized that these types of attacks remain vulnerable to detection.

"In any defended environment, this would be caught pretty easily," he added.

Defense-in-depth approach and new security initiatives

OpenAI said it is implementing multiple layers of defense to counter emerging cybersecurity risks.

The company is relying on a mix of access controls, infrastructure hardening, egress controls, and monitoring to mitigate potential threats.

"We are investing in strengthening models for defensive cybersecurity tasks and creating tools that enable defenders to more easily perform workflows such as auditing code and patching vulnerabilities," the company stated.

To address these concerns, OpenAI announced several new initiatives.

The company will establish the Frontier Risk Council, an advisory group bringing experienced cyber defenders and security practitioners into close collaboration with its teams.

The council will initially focus on cybersecurity before expanding into other frontier capability domains.

OpenAI also revealed it is developing Aardvark, an "agentic security researcher" currently in private beta that can scan entire codebases, detect vulnerabilities, and propose patches.

The company plans to offer the tool free to select non-commercial open-source projects to help improve supply-chain security.

Industry-wide challenge

The cybersecurity challenges extend beyond OpenAI.

Leading AI models across the industry are getting better at finding security vulnerabilities, prompting increased collaboration through initiatives like the Frontier Model Forum, which OpenAI started with other leading labs in 2023.

The company will soon introduce a trusted access program to explore providing qualifying users and customers working on cyber defense with tiered access to enhanced capabilities in its latest models for defensive use cases.

OpenAI's warning comes as the company continues to balance the dual-use nature of AI technology, capabilities that can strengthen defenses while also potentially lowering barriers to sophisticated cyberattacks.

Read more:

UK Launches AI-Powered Submarine Defence Programme To Counter Russian Threat

Choco Launches First AI Voice Agent For Food Service With OpenAI Partnership

Sam Altman Explores Rocket Company Investment In Potential Space Race With Elon Musk