OpenAI, the company behind ChatGPT and the GPT series of large language models, has made a significant and controversial change to its internal safety framework — one that has drawn sharp criticism from AI safety researchers, civil liberties advocates, and former employees alike. The San Francisco-based AI giant recently updated its safety protocols to allow for more flexible handling of dangerous model capabilities, while simultaneously introducing a new policy that could involve notifying law enforcement about certain user activities. The changes, buried in updated documentation on the company’s website, signal a marked departure from the more cautious posture OpenAI once championed.
As reported by Mashable, the updated preparedness framework now permits OpenAI to deploy AI models that carry “medium” risk scores in areas such as cybersecurity, biological threats, and persuasion — categories that previously would have required more stringent review and potentially blocked deployment altogether. Under the old framework, only models rated “low” risk could be deployed without additional safety measures. The shift effectively lowers the bar for what OpenAI considers acceptable risk when releasing new AI systems to the public.
The previous version of OpenAI’s preparedness framework, published in December 2023, established a clear threshold: models that scored “medium” or higher on any risk category could not be deployed without further mitigation. The new framework, by contrast, allows medium-risk models to be released as long as they have what OpenAI describes as sufficient mitigations in place. The distinction may sound technical, but its implications are far-reaching. It means that AI systems with a meaningful capacity to assist in generating biological weapon instructions, crafting sophisticated cyberattacks, or producing highly persuasive disinformation campaigns could now be released to hundreds of millions of users, provided OpenAI’s internal teams judge the safeguards adequate.
Critics have been quick to point out that this change arrives at a particularly fraught moment. OpenAI is in the midst of a corporate restructuring that would convert it from a nonprofit to a for-profit benefit corporation, a move that has already attracted legal challenges and regulatory scrutiny. The company is also racing to stay ahead of competitors like Google DeepMind, Anthropic, and Meta in the intensifying AI arms race. Lowering safety thresholds, skeptics argue, looks less like a principled recalibration and more like a commercially motivated decision to speed products to market.
Perhaps even more alarming to privacy advocates is a new provision in OpenAI’s updated documentation that explicitly contemplates notifying law enforcement about user behavior. According to Mashable, the updated safety framework includes language indicating that OpenAI may contact law enforcement if it identifies user activity that suggests an imminent threat or serious criminal conduct. While the company has not provided granular detail about the specific triggers that would prompt such a notification, the mere existence of the policy represents a notable expansion of OpenAI’s self-appointed role as an intermediary between its users and the state.
This is not entirely without precedent in the technology industry. Major cloud computing providers, social media platforms, and email services have long maintained policies that allow — and in some cases require — them to report certain types of illegal content, particularly child sexual abuse material, to authorities. But OpenAI’s policy appears broader in scope, potentially encompassing a wider range of activities that the company’s systems flag as dangerous. The lack of specificity has raised concerns about the potential for overreach, false positives, and the chilling effect such surveillance could have on legitimate research and free expression.
The changes have reignited a long-simmering debate about OpenAI’s commitment to safety — a principle that was ostensibly the reason for the organization’s founding in 2015. Several former OpenAI employees have spoken publicly in recent months about what they describe as a gradual erosion of safety culture within the company. In May 2024, a group of current and former employees published an open letter calling for greater transparency and stronger whistleblower protections in the AI industry, with OpenAI as a primary, if unnamed, target.
Jan Leike, who led OpenAI’s superalignment team before resigning in May 2024, posted on social media at the time that “safety culture and processes have taken a backseat to shiny products.” His departure, along with that of co-founder Ilya Sutskever, was widely interpreted as a sign of deepening internal tensions over the company’s direction. The latest framework changes appear to validate those concerns. When the people most intimately familiar with an organization’s safety infrastructure are leaving and publicly questioning its priorities, external observers have reason to pay close attention.
OpenAI’s competitive position provides important context for understanding these changes. The company reportedly reached an annualized revenue run rate of $3.4 billion in 2024 and has been aggressively expanding its product lineup, including enterprise offerings, API access tiers, and consumer-facing tools. Its most recent funding round, completed in late 2024, valued the company at $157 billion. With investors expecting returns and competitors closing the gap, the pressure to ship new models quickly is immense.
Google’s Gemini models, Anthropic’s Claude, and Meta’s open-source Llama series have all made significant strides, narrowing what was once a commanding OpenAI lead. In this environment, safety protocols that slow down deployment are not just technical constraints — they are competitive liabilities. By reclassifying medium-risk models as deployable, OpenAI gains the ability to push more capable systems into production faster. Whether this tradeoff is wise depends on one’s assessment of the actual risks involved, but the commercial incentive is unmistakable.
To understand the stakes, it helps to consider what OpenAI’s own risk categories entail. A “medium” risk rating in the cybersecurity category, for example, would indicate that a model can provide meaningful assistance to someone attempting to carry out a cyberattack — not just general information available in textbooks, but specific, actionable guidance that could lower the barrier to entry for malicious actors. Similarly, a medium biological risk score would suggest the model can provide information that goes beyond what is publicly accessible and could materially assist in the development of dangerous pathogens.
OpenAI has argued that its mitigation measures — including output filters, usage monitoring, and red-teaming exercises — are sufficient to manage these risks even at the medium level. But independent researchers have repeatedly demonstrated that such safeguards can be bypassed through prompt injection, jailbreaking techniques, and other adversarial methods. The cat-and-mouse dynamic between AI safety measures and those seeking to circumvent them is well-documented, and there is little evidence to suggest that current mitigations are foolproof. Deploying medium-risk models to a user base of more than 100 million people significantly expands the attack surface.
The policy changes also underscore the glaring absence of comprehensive AI regulation in the United States. Unlike the European Union, which has enacted the AI Act establishing binding requirements for high-risk AI systems, the U.S. has largely relied on voluntary commitments from AI companies. OpenAI was among the signatories to the White House’s voluntary AI safety commitments in July 2023, but those commitments carry no legal force and no enforcement mechanism. When a company voluntarily weakens its own safety standards, as OpenAI appears to have done, there is no regulatory body with the authority to intervene.
This regulatory gap means that decisions about acceptable risk levels for AI systems affecting hundreds of millions of people are being made unilaterally by corporate leadership, with limited external accountability. OpenAI’s board of directors, reconstituted after the dramatic ouster and reinstatement of CEO Sam Altman in November 2023, includes several members with close ties to the company’s commercial interests. Whether this board is positioned to serve as an effective check on safety-related decisions is an open question — one that the latest policy changes make more urgent.
OpenAI’s moves are likely to have ripple effects across the industry. If the market leader signals that medium-risk deployments are acceptable, competitors may feel pressure to adopt similarly permissive standards. Conversely, companies like Anthropic, which has built its brand around a “safety-first” approach, may seek to differentiate themselves by maintaining stricter thresholds. The industry’s collective approach to safety is, in many ways, set by the norms established by its most prominent players.
For users of ChatGPT and other OpenAI products, the law enforcement notification policy raises immediate practical questions. What kinds of queries might trigger a report? How will OpenAI distinguish between a researcher studying biosecurity threats and a bad actor seeking to exploit them? What due process protections, if any, will users have? These questions remain unanswered, and OpenAI has not provided the kind of detailed transparency report that would allow independent assessment of how the policy is being applied. Until it does, users are left to trust that a company with powerful commercial incentives will exercise its expanded authority responsibly — a proposition that grows harder to accept with each successive weakening of its safety commitments.
The trajectory is clear: OpenAI is moving fast, loosening constraints, and concentrating more power over consequential decisions within its own walls. Whether the rest of the industry, regulators, and the public will push back remains to be seen.
OpenAI Quietly Rewrites Its Safety Playbook: What the New Protocols Mean for Users, Law Enforcement, and the Future of AI Governance first appeared on Web and IT News.
Anthropic just made its AI agent permanently resident on your desktop. Not as a chatbot…
Jack Clark thinks coding is the new literacy. Not in the vague, aspirational way that…
Ask a chatbot a question and you’ll get an answer. But the answer you get…
For years, cropping a photo in Google Photos has been an exercise in quiet frustration.…
OPEC’s crude oil production dropped sharply in May, and the reasons stretch far beyond the…
Google is making its biggest bet yet on the idea that artificial intelligence should be…
This website uses cookies.