Our updated Preparedness Framework

OpenAI Blog News

Summary

OpenAI released an updated Preparedness Framework with sharper focus on high-risk AI capabilities, introducing clearer criteria for prioritizing risks and new Research Categories for emerging threats like autonomous replication and sandbagging alongside established Tracked Categories for biological, chemical, and cybersecurity capabilities.

Sharing our updated framework for measuring and protecting against severe harm from frontier AI capabilities.
Original Article
View Cached Full Text

Cached at: 04/20/26, 02:48 PM

# Our updated Preparedness Framework Source: [https://openai.com/index/updating-our-preparedness-framework/](https://openai.com/index/updating-our-preparedness-framework/) We’re releasing an update to our Preparedness Framework, our process for tracking and preparing for advanced AI capabilities that could introduce new risks of severe harm\. As our models continue to get[more capable⁠](https://openai.com/index/deep-research-system-card/), safety will increasingly depend on having the right real\-world safeguards in place\. This update introduces a sharper focus on the specific risks that matter most, stronger requirements for what it means to “sufficiently minimize” those risks in practice, and clearer operational guidance on how we evaluate, govern, and disclose our safeguards\. Additionally, we introduce future\-facing research categories that allow us to remain at the forefront of understanding emerging capabilities to keep pace with where the technology is headed\. We will continue investing deeply in this process by making our preparedness work more actionable, rigorous, and transparent as the technology advances\. We’ve learned a great deal from our own testing, insights from external experts, and lessons from the field\. This update reflects that progress\. In line with[our core safety principles⁠](https://openai.com/safety/how-we-think-about-safety-alignment/#our-core-principles), it makes targeted improvements that include: - **Clear criteria for prioritizing high\-risk capabilities\.**We use a structured risk assessment process to evaluate whether a frontier capability could lead to severe harm and we assign it to a category based on defined criteria\. We track capabilities that meet five key criteria that make it a priority for us to prepare in advance: the risk should be plausible, measurable, severe, net new, and instantaneous or irremediable\. We measure progress on these capabilities, and build safeguards against the risks that these capabilities create\. - **Sharper capability categories\.**We've updated our categorization of capabilities to apply these criteria and reflect our current understanding\.- **Tracked Categories:**These are established areas where we have mature evaluations and ongoing safeguards\. They are Biological and Chemical capabilities, Cybersecurity capabilities, and AI Self\-improvement capabilities\. We continue to believe some of the most transformative benefits from AI will come from its use in science, engineering, and research \- including from capabilities in our Tracked Categories\. Investing early in both measurement and safeguards for these dual\-use categories will enable us to safely unlock the benefits we anticipate from their use\. - **Research Categories:**We’re introducing a set of Research Categories of capability, which are areas that could pose risks of severe harm, that do not yet meet our criteria to be Tracked Categories\. We’re working to develop threat models and advanced capability evaluations for these\. Current focus areas include Long\-range Autonomy, Sandbagging \(intentionally underperforming\), Autonomous Replication and Adaptation, Undermining Safeguards, and Nuclear and Radiological\. - Persuasion risks will be handled outside the Preparedness Framework, including via our Model Spec, restricting the use of our tools for political campaigning or lobbying, and our ongoing investigations into misuse of our products \(including[detecting and disrupting influence operations⁠\(opens in a new window\)](https://cdn.openai.com/threat-intelligence-reports/disrupting-malicious-uses-of-our-models-february-2025-update.pdf)\)\. - **Clarified capability levels\.**We’ve streamlined levels to two clear thresholds that map to specific operational commitments: High capability, which could amplify existing pathways to severe harm, and Critical capability, which could introduce unprecedented new pathways to severe harm\. Covered systems that reach High capability must have safeguards that sufficiently minimize the associated risk of severe harm before they are deployed\. Systems that reach Critical capability also require safeguards that sufficiently minimize associated risks during development\. The Safety Advisory Group \(SAG\), a cross\-functional team of internal safety leaders, reviews whether safeguards sufficiently minimize severe risk and makes targeted recommendations, ranging from approving deployment to requesting further evaluation or stronger protections\. Their guidance goes to OpenAI Leadership for final decisions, with an ongoing commitment to reassess safeguards if new evidence emerges\. - **Scalable evaluations to support more frequent testing\.**Advances in reasoning allow us to improve models more frequently and sometimes without major new training runs\. This means evaluations must be able to scale, too\. We’ve built a growing suite of automated evaluations that can keep up with this faster cadence, while also continuing to do expert\-led “deep dives” to ensure the scalable evaluations are measuring the right things\. - **Responding to shifts in the frontier landscape\.**If another frontier AI developer releases a high\-risk system without comparable safeguards, we may adjust our requirements\. However, we would first rigorously confirm that the risk landscape has actually changed, publicly acknowledge that we are making an adjustment, assess that the adjustment does not meaningfully increase the overall risk of severe harm, and still keep safeguards at a level more protective\. - **Defined Safeguards Reports\.**We’ve focused on producing Capabilities Reports \(formerly known as the “Preparedness Scorecard”\), which assess whether a model has crossed a threshold that poses risks\. We’re now adding more detail about how we’ll design strong safeguards and verify their effectiveness in dedicated Safeguards Reports, consistent with our principle of[defense in depth⁠](https://openai.com/safety/how-we-think-about-safety-alignment/#our-core-principles), which will guide deployment decisions\. SAG reviews both reports, assesses residual risk, and makes recommendations to OpenAI Leadership on whether it’s safe enough to deploy\. We’ll continue to publish our Preparedness findings with each frontier model release, just as we’ve done for[GPT‑4o⁠](https://openai.com/index/gpt-4o-system-card/),[OpenAI o1⁠](https://openai.com/index/openai-o1-system-card/),[Operator⁠](https://openai.com/index/operator-system-card/),[o3‑mini⁠](https://openai.com/index/o3-mini-system-card/),[deep research⁠](https://openai.com/index/deep-research-system-card/), and[GPT‑4\.5⁠](https://openai.com/index/gpt-4-5-system-card/), and share new benchmarks to support broader safety efforts across the field\. We’re deeply grateful to internal teams, external researchers and industry peers who’ve contributed invaluable insights to this latest update\. The Preparedness Framework remains a living document, and we expect to continue updating it as we learn more\.

Similar Articles

Frontier risk and preparedness

OpenAI Blog

OpenAI announced the winners of its Preparedness Challenge, which identified unique risks associated with frontier AI systems. The top ten submissions highlighted concerns including financial system manipulation, information leakage, medical harm, cyberattacks, and persuasion-based threats, with 70% of entries emphasizing AI's potential to enhance malicious persuasion capabilities.

Strengthening cyber resilience as AI capabilities advance

OpenAI Blog

OpenAI publishes a comprehensive framework for managing cyber capabilities in AI models, noting significant improvements in CTF performance from GPT-5 (27%) to GPT-5.1-Codex-Max (76%), and outlining defense-in-depth safeguards to ensure advanced models primarily benefit defenders while limiting offensive misuse.

OpenAI’s Approach to Frontier Risk

OpenAI Blog

OpenAI publishes details on its approach to frontier AI risks and announces progress on voluntary safety commitments made in July 2023, including the release of DALL-E 3 system card and the development of a new Preparedness Framework to manage catastrophic risks from advanced AI systems.

Evaluating potential cybersecurity threats of advanced AI

Google DeepMind Blog

DeepMind published a comprehensive framework for evaluating offensive cybersecurity capabilities of advanced AI models, analyzing over 12,000 real-world AI-powered cyberattack attempts across 20 countries and creating a 50-challenge benchmark covering the entire attack chain to help defenders prioritize security resources.

Strengthening our Frontier Safety Framework

Google DeepMind Blog

DeepMind published the third iteration of its Frontier Safety Framework, expanding risk domains to include harmful manipulation and misalignment risks, with refined risk assessment processes and enhanced governance protocols for advanced AI models.