OpenAI · OpenAI GPT-5.5 System Card · View original document ↗

Dual-Use Capability Uplift Disclosure

High severity Medium confidence Explicitdocumentlanguage Unique · 0 of 352 platforms
Share 𝕏 Share in Share 🔒 PDF
Recent governance activity OpenAI recorded 14 documented changes in the last 30 days.
Start monitoring updates
Monitor governance changes for OpenAI Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

The document discloses that GPT-5.5 can provide assistance that meaningfully advances user capability in cybersecurity tasks and persuasive content generation, with these capabilities rated at medium risk and subject to policy-based rather than technical hard-block mitigations in most deployment contexts.

This analysis describes what OpenAI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

This provision discloses that GPT-5.5 possesses dual-use capabilities in cybersecurity and persuasion domains that are managed primarily through usage policy enforcement rather than absolute technical restrictions. Operators and regulators should note that the effectiveness of policy-based mitigations depends on enforcement mechanisms that the document does not fully specify.

Interpretive note: The document summarizes uplift potential and mitigation mechanisms at a high level; the precise technical implementation of usage policy enforcement and the conditions under which hard-block versus soft-block controls apply are not fully specified.

Consumer impact (what this means for users)

The document states that GPT-5.5 can generate outputs that provide meaningful assistance in cybersecurity and persuasion contexts, and that access to these capabilities is governed by OpenAI's usage policies and operator-configured controls rather than absolute technical restrictions.

Cross-platform context

See how other platforms handle Dual-Use Capability Uplift Disclosure and similar clauses.

Compare across platforms →

Monitoring

OpenAI has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Get Monitor Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
GPT-5.5 demonstrates measurable uplift potential in cybersecurity-adjacent tasks and persuasion-relevant content generation. These capabilities are assessed at the medium risk level and are subject to usage policy restrictions and operator-level system prompt controls as primary mitigations.

— Excerpt from OpenAI's OpenAI GPT-5.5 System Card

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

1) REGULATORY LANDSCAPE: Dual-use capability disclosures of this nature engage cybersecurity regulations, export control frameworks, and biosecurity laws depending on jurisdiction. The EU AI Act's systemic risk provisions specifically address cybersecurity-relevant capabilities in general-purpose AI. The US Cybersecurity and Infrastructure Security Agency and sector-specific regulators may have oversight interests in cybersecurity uplift capabilities. Export control regimes administered by the US Department of Commerce may be relevant if model access is provided to foreign nationals in controlled categories. 2) GOVERNANCE EXPOSURE: High. The disclosure of measurable cybersecurity and persuasion uplift without disclosed hard-block technical controls creates ongoing governance exposure for enterprise operators, particularly those deploying GPT-5.5 in security-sensitive or election-adjacent contexts. Reliance on usage policy enforcement as the primary mitigation mechanism places compliance responsibility on operator monitoring and enforcement practices. 3) JURISDICTION FLAGS: EU/EEA deployments face heightened exposure under the EU AI Act's cybersecurity provisions and potential classification obligations. US federal contractors and operators in critical infrastructure sectors face additional regulatory considerations. Election-related deployments in any jurisdiction face heightened scrutiny regarding persuasion capability access. 4) CONTRACT AND VENDOR IMPLICATIONS: Operators should review whether their API agreements with OpenAI address liability allocation for harms arising from dual-use capability misuse. Indemnification provisions in OpenAI's operator agreements are relevant to assess in light of this disclosure. 5) COMPLIANCE CONSIDERATIONS: Operators deploying GPT-5.5 in cybersecurity tooling, content moderation, or political communication contexts should conduct specific use-case risk assessments referencing this disclosure. Data mapping and incident response procedures should account for potential misuse scenarios involving the disclosed dual-use capabilities.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 3 platforms — free Get Monitor

Free: track 3 platforms + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • FTC
    The FTC has authority over unfair or deceptive practices in AI product deployment and may evaluate the adequacy of disclosed mitigations for dual-use capability risks.
    File a complaint →

Provision details

Document information
Document
OpenAI GPT-5.5 System Card
Entity
OpenAI
Document last updated
July 6, 2026
Tracking information
First tracked
July 6, 2026
Last verified
July 6, 2026
Record ID
CA-P-013396
Document ID
CA-D-00924
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
1408d102faed20b4eb10fc79b0fdedfb44cacf7d752f2293429e5f342d0fe485
Analysis generated
July 6, 2026 22:09 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: OpenAI
Document: OpenAI GPT-5.5 System Card
Record ID: CA-P-013396
Captured: 2026-07-06 22:09:40 UTC
SHA-256: 1408d102faed20b4…
URL: https://conductatlas.com/platform/openai/openai-gpt-55-system-card/dual-use-capability-uplift-disclosure/
Accessed: July 7, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
High
Categories

Other risks in this policy

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Get Compliance

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does OpenAI's Dual-Use Capability Uplift Disclosure clause do?

This provision discloses that GPT-5.5 possesses dual-use capabilities in cybersecurity and persuasion domains that are managed primarily through usage policy enforcement rather than absolute technical restrictions. Operators and regulators should note that the effectiveness of policy-based mitigations depends on enforcement mechanisms that the document does not fully specify.

How does this clause affect you?

The document states that GPT-5.5 can generate outputs that provide meaningful assistance in cybersecurity and persuasion contexts, and that access to these capabilities is governed by OpenAI's usage policies and operator-configured controls rather than absolute technical restrictions.

Is ConductAtlas affiliated with OpenAI?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by OpenAI.