Overview
- OpenAI says performance on capture‑the‑flag cybersecurity benchmarks jumped from 27% with GPT‑5 in August to 76% with GPT‑5.1‑Codex‑Max in November.
- The company is planning and evaluating as though each new model could reach the Preparedness Framework’s “high” cyber capability level, one tier below “critical,” though it gives no timeline.
- It outlines a defense‑in‑depth stack that includes access controls, hardened infrastructure, egress restrictions, comprehensive monitoring, refusal training, misuse detection, and external red teaming.
- An agent called Aardvark, now in private testing, scans codebases and proposes patches; it has already found critical vulnerabilities and will be offered by application, with free support for select open‑source projects.
- OpenAI is forming a Frontier Risk Council, launching trusted or tiered access for qualified defenders, and coordinating through the Frontier Model Forum, while warning that future systems could aid zero‑day exploitation and high‑level intrusions; separate reports describe internal pressure to accelerate development.