OpenAI sounded the alarm this week that the advanced AI models it has on deck will probably ratchet up cybersecurity risks, which should come as a surprise to exactly no one.
The company said the models could create zero-day remote exploits that would work against even the best-defended systems. They might also make it easier for bad actors to execute complex intrusions into enterprise and industrial networks, with not-so-pleasant outcomes.
All this is because the capabilities of these models are increasing at AI’s characteristic warp speed.
“Like other dual-use domains, defensive and offensive cyber workflows often rely on the same underlying knowledge and techniques,” OpenAI said in a blog post.
“The technical scenario is feasible, and these attack patterns will be weaponized at scale. OpenAI’s announcement confirms they’re seeing the same trajectory,” says Michael Bell, founder and CEO at Suzu Labs.
Since “cybersecurity touches almost every field,” OpenAI said it and other vendors “cannot rely on any single category of safeguards—such as restricting knowledge or using vetted access alone—but instead need a defense-in-depth approach that balances risk and empowers users.”
What that means is “shaping how capabilities are accessed, guided, and applied so that advanced models strengthen security rather than lower barriers to misuse,” OpenAI wrote, noting it was already taking steps to protect against the cybersecurity woes its models could invite.
The company said it is already:
OpenAI’s security efforts extend to the ecosystem as well. The company plans to introduce a trusted access program for cyber defense, expand defensive capacity with Aardvark, establish a Frontier Risk Council advisory group that includes experienced cyber defenders and security practitioners, and develop a shared understanding on threat models with the industry.
“OpenAI’s approach to preventing misuse, thankfully, doesn’t rely on magical filters,” says John Carberry, CMO at Xcape, Inc. “Their plan reads like a standard defense in depth strategy: they’ll train models to reject clear abuse, implement access controls and monitoring, and then have red teams test the entire system.”
But they are still aiming at a moving target. Bell says that organizations “need detection capabilities for AI-powered attacks today, regardless of how these defensive frameworks evolve,” noting that “the labs are trying to build guardrails while the car is already moving.”
Diana Kelley, CISO at Noma Security, says security professionals are obligated “to guide that evolution with resilience and governance, especially as agentic AI systems become the norm and AI-driven autonomy increases.” In practice, she says, “this means safety by design, rigorous model evaluation and red teaming, continuous monitoring of agent behavior and decision boundaries, strong identity and access controls around AI-initiated actions, and clear allow and deny lists governing system permissions.” Defenders must also shore up their existing defenses “to be AI-ready and AI risk aware.”
Security by design as well as in deployment “will allow companies to benefit from advanced AI models without taking on unmanaged risks,” she explains.
OpenAI promises more safeguards. “Alongside those efforts, we plan to explore other initiatives and cybersecurity grants to help surface breakthrough ideas that may not emerge from traditional pipelines, and to crowdsource bold, creative defenses from across academia, industry, and the open-source community,” OpenAI said. “Taken together, this is ongoing work, and we expect to keep evolving these programs as we learn what most effectively advances real-world security.”