This is OpenAI's official safety report for GPT-4o, their multimodal AI model that can see, hear, and speak in real time, and it explains what risks they identified and what they did — or didn't fully fix — before releasing it to the public. The most important thing for everyday users is that OpenAI acknowledges GPT-4o's voice features can mimic real people's voices and generate emotionally persuasive responses, and that safeguards against these risks were not fully complete at the time of release. If you use GPT-4o's voice or image features, be aware that the model may behave differently depending on which app or operator deploys it, and OpenAI's protections may not apply uniformly across all platforms.
Technical Summary
This document is the GPT-4o System Card, a pre-deployment safety disclosure published by OpenAI to accompany the release of its GPT-4o multimodal AI model. It operates under OpenAI's internal Preparedness Framework and voluntary AI safety commitments rather than any binding statutory legal basis. The most significant obligations it creates are commitments by OpenAI to conduct external red teaming, apply frontier risk evaluations across the CBRN (chemical, biological, radiological, nuclear), cybersecurity, and persuasion risk categories, and implement model-level and policy-level mitigations before deployment. Notable provisions that depart from industry norms include the explicit acknowledgment that GPT-4o's real-time audio and vision capabilities create novel risks around voice cloning, non-consensual intimate imagery generation, and emotional over-reliance on AI personas, risks that OpenAI concedes remain incompletely mitigated at launch. The document implicates the EU AI Act (particularly high-risk system classification considerations), FTC consumer protection authority over deceptive AI practices, and emerging US federal AI governance frameworks. Material compliance considerations include the absence of binding third-party audit obligations, incomplete mitigation disclosures for audio-modality risks, and operator-mediated deployment structures that diffuse accountability across the API supply chain.
OpenAI launched GPT-4o's voice features knowing that safety measures for audio were not yet fully complete, and intentionally limited access while they continue developing those protections.
OpenAI tested whether GPT-4o could help someone create weapons of mass destruction and concluded the risk is 'low', the lowest tier in their framework and well below the level that would have blocked the model's release.
OpenAI's own safety testers found that GPT-4o's voice feature could be used to impersonate real people, which is why voice output is currently restricted to a set of preset voices, but these restrictions may not apply in all deployment contexts.
OpenAI is concerned that GPT-4o's conversational and emotional expressiveness could cause some users — particularly vulnerable people — to form unhealthy emotional attachments to the AI.
GPT-4o has built-in blocks against generating child sexual abuse material, but operators running adult platforms can unlock explicit sexual content for their users, though never content involving minors.
OpenAI tested whether GPT-4o could help hackers create malicious code and determined the risk is 'low', the lowest level under their internal framework and well below the threshold that would have prevented release.
GPT-4o has built-in blocks to prevent creating fake intimate images of real people without their consent, but OpenAI admits these protections are imperfect and the risk remains.
When you use GPT-4o through a third-party app or service, that company can change how the AI behaves — including relaxing some of OpenAI's default safety settings — within limits set by OpenAI.
OpenAI found that text generated by GPT-4o could be persuasive enough to support large-scale influence and disinformation campaigns, and rated this persuasion risk 'medium' under their own framework, not severe enough to block release but serious enough to disclose.
Before releasing GPT-4o, OpenAI paid more than 100 outside experts to try to find ways the AI could be misused or cause harm — and this document summarizes what they found.