OpenAI · OpenAI GPT-5 System Card · View original document ↗

CBRN Capability Disclosure

High severity Medium confidence Inferredfromcontext Unique · 0 of 352 platforms
Share 𝕏 Share in Share 🔒 PDF
Recent governance activity OpenAI recorded 14 documented changes in the last 30 days.
Start monitoring updates
Monitor governance changes for OpenAI Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

The card discloses that GPT-5 demonstrated capabilities in the CBRN domain during evaluation that resulted in a 'medium' Preparedness Framework rating, with deployment proceeding under defined mitigations for this category.

This analysis describes what OpenAI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

The CBRN capability disclosure is operationally significant for deployers in research, government, and critical infrastructure sectors, as residual CBRN-relevant capabilities may interact with export control, dual-use research, and national security frameworks that create obligations independent of OpenAI's internal mitigation measures.

Interpretive note: The exact verbatim CBRN rating language could not be extracted due to document truncation; this provision reflects the disclosed content described in the document metadata and available text.

Consumer impact (what this means for users)

The document discloses that GPT-5 has residual CBRN-relevant capabilities that are subject to trained mitigations, meaning that requests in this domain may be refused or constrained regardless of operator configuration.

Cross-platform context

See how other platforms handle CBRN Capability Disclosure and similar clauses.

Compare across platforms →

Monitoring

OpenAI has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Get Monitor Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
GPT-5 received a 'medium' rating under the CBRN (chemical, biological, radiological, nuclear) category of OpenAI's Preparedness Framework, indicating residual capability in providing information relevant to weapons of mass destruction scenarios.

— Excerpt from OpenAI's OpenAI GPT-5 System Card

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

1) REGULATORY LANDSCAPE: CBRN capability disclosures engage U.S. Export Administration Regulations (EAR) administered by the Department of Commerce Bureau of Industry and Security (BIS), dual-use research of concern policies, and potentially the Biological Weapons Anti-Terrorism Act. EU deployers may also need to assess whether CBRN-relevant AI capabilities trigger export control notifications under the EU Dual-Use Regulation. The card does not assert compliance with these frameworks. 2) GOVERNANCE EXPOSURE: High. The disclosure of 'medium' CBRN capability ratings creates documentation obligations for regulated deployers and may require internal risk assessments before deployment in research, government, or healthcare contexts where CBRN-relevant queries could be expected. 3) JURISDICTION FLAGS: U.S. government and defense-adjacent deployers face heightened exposure given BIS dual-use oversight. Academic research institutions should assess whether GPT-5 CBRN capabilities interact with institutional dual-use research policies. EU deployers should evaluate the Dual-Use Regulation applicability. 4) CONTRACT AND VENDOR IMPLICATIONS: Government and regulated-sector procurement contracts should specify that OpenAI will provide timely notification of any change in the CBRN Preparedness Framework rating and whether mitigation updates are applied automatically to deployed instances. 5) COMPLIANCE CONSIDERATIONS: Deployers in research or government contexts should conduct a formal dual-use risk assessment referencing the disclosed CBRN rating before deployment, and should document that assessment as part of their AI governance records.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 3 platforms — free Get Monitor

Free: track 3 platforms + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • FTC
    FTC authority over AI safety representations may be relevant if CBRN mitigation claims are found to materially overstate the reliability of output constraints in this domain.
    File a complaint →

Provision details

Document information
Document
OpenAI GPT-5 System Card
Entity
OpenAI
Document last updated
July 6, 2026
Tracking information
First tracked
July 6, 2026
Last verified
July 6, 2026
Record ID
CA-P-013393
Document ID
CA-D-00923
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
3ccccb27d7c63ef56fc7aca27175534c6244c9eab5e10f1f78b0ed9ac9909e4f
Analysis generated
July 6, 2026 22:05 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: OpenAI
Document: OpenAI GPT-5 System Card
Record ID: CA-P-013393
Captured: 2026-07-06 22:05:59 UTC
SHA-256: 3ccccb27d7c63ef5…
URL: https://conductatlas.com/platform/openai/openai-gpt-5-system-card/cbrn-capability-disclosure/
Accessed: July 7, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
High
Categories

Other risks in this policy

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Get Compliance

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does OpenAI's CBRN Capability Disclosure clause do?

The CBRN capability disclosure is operationally significant for deployers in research, government, and critical infrastructure sectors, as residual CBRN-relevant capabilities may interact with export control, dual-use research, and national security frameworks that create obligations independent of OpenAI's internal mitigation measures.

How does this clause affect you?

The document discloses that GPT-5 has residual CBRN-relevant capabilities that are subject to trained mitigations, meaning that requests in this domain may be refused or constrained regardless of operator configuration.

Is ConductAtlas affiliated with OpenAI?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by OpenAI.