A surge in model performance has reshaped OpenAI’s internal planning, the company revealed on Wednesday.
According to a new report, capability assessments based on capture the flag (CTF) challenges show scores climbing from 27% for GPT-5 in August 2025 to 76% for GPT-5.1-Codex-Max in November 2025.
OpenAI has warned that some upcoming systems may reach “High” capability levels on its Preparedness Framework, meaning they could eventually assist with tasks ranging from complex intrusion operations to the development of zero-day exploits.
Jon Abbott, co-founder and CEO of ThreatAware, said the warning underscores the need to focus on basic protections.
“OpenAI’s warning that new models pose ‘high’ cybersecurity risks is exactly why getting the security foundations right is absolutely critical. AI might be accelerating the pace of attacks, but our best defense will continue to be nailing the fundamentals first.”
The company also said it is preparing for that possibility by developing layers of safeguards intended to channel advanced capabilities toward defensive outcomes. OpenAI added that its main goal is to strengthen the position of security teams that remain outnumbered and under-resourced.
Strengthening Industry-Wide Understanding
To manage the dual-use risks inherent in cyber workflows, the company outlined a defense-in-depth strategy built on several components:
- Access controls, infrastructure hardening, egress controls and monitoring
- Training that steers models away from harmful requests while maintaining usefulness for education and defense
- System-wide detection tools that can block or reroute unsafe activity
- End-to-end red teaming by external specialists
“These safeguards are designed to evolve with the threat landscape,” the company said.
Abbott noted that rising capability makes long-standing threats more dangerous.
“Old-school threats, when combined with the scale and precision enabled by AI, make for a particularly toxic combination,” he explained.
“With models that can develop working zero-day remote exploits or assist with complex, stealthy intrusions, the barrier to entry for criminals has been dramatically lowered.”
OpenAI said it is coordinating with global experts to improve real-world applications of defensive AI and is preparing a trusted access program for qualifying users.
Another effort, Aardvark, an agentic security researcher, is already in private beta. It scans codebases, identifies vulnerabilities and proposes patches, and has already uncovered new CVEs in open-source projects.
OpenAI said it will also launch a Frontier Risk Council to advise on responsible capability use, with further collaboration through the Frontier Model Forum aimed at refining shared threat models and improving ecosystem-wide mitigation strategies.
Image credit: Prathmesh T / Shutterstock.com
