This analysis describes what OpenAI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This risk assessment establishes the documented baseline for GPT-4o's cybersecurity capabilities and limitations as determined through OpenAI's internal evaluation framework. The Medium risk classification indicates the model's assessed capacity to provide assistance with malicious coding activities, which informs the operational scope of the model's deployment and monitoring protocols.
Users operate under a service where the underlying model has been assessed to provide meaningful assistance with cyberweapon or malicious code development, though below the Critical risk threshold. This assessment status may inform acceptable use policies, monitoring mechanisms, or usage restrictions that apply to users of the service.
How other platforms handle this
Microsoft commits to conducting impact assessments for AI systems prior to deployment, evaluating potential harms to individuals and affected communities, assessing fairness and bias risks, and implementing mitigation measures proportionate to identified risks before and during the lifecycle of AI s...
We may use Materials to provide, maintain, and improve the Services and to develop other products and services, including training our models, unless you opt out of training through your account settings. Even if you opt out, we will use Materials for model training when: (1) you provide Feedback to...
Promoting privacy and security, and respecting intellectual property rights.
Monitoring
OpenAI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We evaluated GPT-4o for its potential to meaningfully assist threat actors in creating cyberweapons or malicious code that could cause significant damage if deployed. We assessed GPT-4o to be Medium risk per our Preparedness Framework... The model has the potential to meaningfully uplift threat actors, but the level of uplift provided does not meet our threshold for Critical risk.— Excerpt from OpenAI's GPT-4o System Card (PDF)
How Meta, TikTok, and Supabase restructured governance language across documents, jurisdictions, and consent frameworks through incremental document updates.
How 10 AI platforms describe the use of user data for model training, improvement, and development, based on archived governance provisions.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This risk assessment establishes the documented baseline for GPT-4o's cybersecurity capabilities and limitations as determined through OpenAI's internal evaluation framework. The Medium risk classification indicates the model's assessed capacity to provide assistance with malicious coding activities, which informs the operational scope of the model's deployment and monitoring protocols.
Users operate under a service where the underlying model has been assessed to provide meaningful assistance with cyberweapon or malicious code development, though below the Critical risk threshold. This assessment status may inform acceptable use policies, monitoring mechanisms, or usage restrictions that apply to users of the service.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by OpenAI.