The company behind ChatGPT issued a stark warning Wednesday about potential dangers lurking in its next wave of artificial intelligence systems, saying they could present serious cybersecurity threats.
OpenAI stated its future AI models might be capable of creating functional zero-day exploits targeting heavily protected computer systems. The technology could also help carry out sophisticated attacks on businesses or industrial facilities designed to cause real-world damage.
Things are moving quickly. In its blog OpenAI mentioned, performance on capture-the-flag security challenges jumped from 27% on GPT-5 in August 2025 to 76 percent on GPT-5.1-Codex-Max just three months later in November 2025.
OpenAI now assumes each new model it builds could hit what it calls “high” levels of cybersecurity capability. That means systems that can create working exploits for previously unknown vulnerabilities in well-protected networks, or help with complicated intrusion campaigns targeting critical infrastructure.
The Microsoft-backed firm said it’s investing in making its models better at defensive security work. The company is building tools to help security teams check code for problems and fix security holes. OpenAI wants to give defenders an edge since they’re usually outnumbered and short on resources.
Here’s where it gets tricky. Defensive and offensive cybersecurity work use the same basic knowledge and methods. What helps defenders could just as easily help attackers. OpenAI says it can’t rely on one protective measure. It needs layers of security controls working together.
The company is using access restrictions, stronger infrastructure security, controls on information flow, and constant monitoring. It’s also training models to refuse requests that could enable cyber attacks while keeping them useful for legitimate security work and education.
Detection systems watch for suspicious activity across products using advanced models. When something looks dangerous, the system blocks results, switches to a weaker model, or flags it for human review.
Testing the limits
OpenAI works with specialized security testing groups that try breaking through all its defenses. They simulate how a determined attacker with serious resources might operate. This helps find weak spots before real threats do.
The cybersecurity risks from AI worry people across the industry. As reported by Cryptopolitan previously, hackers already use AI technologies to improve their attacks.
The firm plans a program that gives qualified users working on cybersecurity defense special access to enhanced capabilities in its newest models. OpenAI is still working out which features can be widely available and which need tighter restrictions.
Then there’s Aardvark. This security tool in private testing helps developers and security teams find and fix vulnerabilities at scale. It scans code for weaknesses and suggests fixes. The system already discovered new vulnerabilities in open-source software. OpenAI plans to put significant resources into strengthening the broader security ecosystem. That includes offering free coverage to some non-commercial open source projects.
OpenAI will create the Frontier Risk Council. This brings together experienced cybersecurity defenders and practitioners. The group starts with cybersecurity but will expand to other areas. Council members help determine boundaries between useful capabilities and potential misuse.
Security remains a challenge
The company works with other leading AI companies through the Frontier Model Forum. This nonprofit develops shared understanding of threats and best practices. OpenAI thinks security risks from advanced AI could come from any major AI system in the industry.
Recent research showed AI agents can discover zero-day vulnerabilities worth millions in blockchain smart contracts. This highlights how these advancing capabilities cut both ways.
OpenAI has worked to strengthen its own security measures, but the company faced its own problems. The firm dealt with multiple security breaches in the past. This shows how hard it is to protect AI systems and infrastructure.
The company says this is ongoing work. The goal is giving defenders advantages and strengthening security of critical infrastructure across the technology ecosystem.
