How to Strengthen Cyber Resilience as AI Capabilities Advance

Summary

As AI models’ cybersecurity capabilities evolve rapidly, OpenAI is bolstering defensive tools, building layered safeguards, and collaborating with global experts to leverage these advances for defenders while mitigating dual-use risks, protecting critical infrastructure, and fostering a more resilient cyber ecosystem.

1. AI Cybersecurity Capabilities: Opportunities and Challenges Amid Rapid Progress

Have you ever wondered how quickly AI’s capabilities in cybersecurity are evolving? The data paints a striking picture of growth.

Using capture-the-flag (CTF) challenges—a standard benchmark for assessing cybersecurity skills—we can track clear progress. In August 2025, GPT-5 achieved a 27% success rate in such challenges; by November 2025, GPT-5.1-Codex-Max had boosted that rate to 76%. That’s more than a twofold increase in just three months.

This rapid advancement brings tangible benefits for cyberdefense, but it also introduces significant dual-use risks: the same capabilities that protect systems can be weaponized for malicious attacks.

OpenAI is preparing for the next wave of AI development by evaluating every new model against the “High” level of cybersecurity capability defined in its Preparedness Framework. A “High” capability model can either develop functional zero-day remote exploits against well-defended systems or provide substantial support for complex, stealthy enterprise or industrial intrusion operations with real-world impacts. The core question then becomes: how to harness these capabilities for defensive purposes while minimizing misuse? This is the central focus of OpenAI’s current initiatives.

2. Empowering Defenders: How AI Enhances Cybersecurity Defense

Cyber defenders often face the uphill battle of being outnumbered and under-resourced. AI’s evolving capabilities offer a much-needed lifeline, and OpenAI is working to turn these advances into practical advantages for defensive teams.

OpenAI’s efforts in this space focus on two key areas:

1. Enhancing AI models’ proficiency in defensive cybersecurity tasks, refining their ability to support core protection workflows.
2. Developing user-friendly tools that streamline critical defender workflows, such as code auditing and vulnerability patching.

Consider the traditional process of manual code vulnerability scanning—a time-consuming, error-prone task that demands extensive expertise. With AI-powered tools, this process can be automated and accelerated, uncovering hidden vulnerabilities that might slip past human auditors. This is the tangible edge AI brings to cyber defenders, leveling the playing field against threat actors.

3. Preventing Misuse: The “Safety Locks” for AI Cybersecurity Capabilities

Defensive and offensive cyber operations often rely on overlapping foundational knowledge and techniques, creating a challenge: how to ensure AI’s powerful capabilities serve protective goals, not malicious ones. OpenAI’s solution is a defense-in-depth approach—rejecting overreliance on a single safeguard and instead implementing layered protections that balance risk mitigation with legitimate user empowerment.

(1) Foundational Security Architecture: The Bedrock of Comprehensive Protection

At the base of OpenAI’s security framework is a multi-pronged foundational strategy, including:

• Access controls: Ensuring only authorized users can access sensitive capabilities.
• Infrastructure hardening: Strengthening the underlying systems that host AI models to resist breaches.
• Egress controls: Regulating data and information flow to prevent unauthorized leakage of sensitive content.
• Monitoring systems: Maintaining continuous oversight to detect anomalies and potential threats.

Complementing these measures are dedicated detection and response systems, plus specialized threat intelligence and insider risk programs. The goal is to identify and block emerging threats at speed. Crucially, these safeguards are not static—they are designed to evolve with the threat landscape, as OpenAI operates under the assumption that change is constant and builds systems capable of rapid, appropriate adjustments.

(2) Three Core Safeguard Layers: Targeted Protection for Responsible AI Use

Built on top of the foundational architecture are three targeted layers of protection to address specific misuse risks:

1. Training Models to “Discern Right from Wrong”

Frontier AI models are trained to either refuse or provide safe responses to requests that enable clear cyber abuse, while remaining fully supportive of legitimate defensive and educational use cases. For example, if a user asks how to defend against a specific ransomware variant, the model will deliver detailed, actionable guidance; if the request is to develop that ransomware, the model will decline to assist.

2. System-Wide Detection: Catching “Anomalous Signals” Early

All products leveraging frontier AI models are subject to system-wide monitoring to identify potential malicious cyber activity. When unsafe behavior is detected, OpenAI can deploy several interventions:

• Blocking harmful outputs outright
• Routing the prompt to a more secure or less capable model for processing
• Escalating the case to enforcement teams for review

Enforcement combines automated tools with human oversight, taking into account factors like legal requirements, the severity of the activity, and whether the user has a history of repeat violations. OpenAI also collaborates closely with developers and enterprise clients to align on security standards and establish clear escalation paths for reporting concerns.

3. End-to-End Red Teaming: Simulating “Real-World Attacks” to Identify Gaps

Red teams are cybersecurity professionals who act as simulated adversaries, tasked with bypassing security defenses just as a determined, well-resourced threat actor would. OpenAI partners with expert red teaming organizations to conduct end-to-end evaluations of its security mitigations. This proactive testing helps uncover vulnerabilities in the defense system early, allowing OpenAI to strengthen its safeguards before they can be exploited in real-world scenarios.

4. Ecosystem Collaboration: Building Collective Cyber Resilience

Cybersecurity is not the responsibility of a single organization—it requires collective action across the entire ecosystem. OpenAI has long been at the forefront of applying AI to defensive cybersecurity and works closely with global experts to refine its models and their real-world applications. The company values the work of cybersecurity practitioners worldwide and is committed to delivering tools that empower defensive efforts. When rolling out new safeguards, OpenAI continues to engage with the cybersecurity community to identify where AI can most effectively boost resilience and where cautious, targeted protections are essential.

Specific ecosystem initiatives include:

(1) Trusted Access Program: Ensuring the Right Capabilities Reach the Right Users

OpenAI plans to launch a Trusted Access Program that will provide tiered access to enhanced defensive capabilities in its latest models for qualified cyber defense users and clients. The program is still in the exploratory phase, with OpenAI working to define boundaries for broad-access vs. restricted capabilities. The ultimate goal is for this program to serve as a cornerstone for building a more resilient cyber ecosystem.

(2) Aardvark: The AI-Powered “Security Assistant” for Vulnerability Detection and Patching

Aardvark, OpenAI’s agentic security researcher, is now in private beta. It automates the process of scanning codebases for vulnerabilities and generating patch recommendations that maintainers can implement quickly. Notably, Aardvark has already identified novel Common Vulnerabilities and Exposures (CVEs) in open-source software by analyzing entire codebases holistically.

To support the security of the open-source software ecosystem and supply chain, OpenAI plans to offer free Aardvark coverage to select non-commercial open-source repositories. Teams interested in participating in the beta can apply via the official signup channel.

(3) Frontier Risk Council: Leveraging Expertise to Guide Safe AI Development

OpenAI will establish the Frontier Risk Council, an advisory group that will bring experienced cyber defenders and security practitioners into close collaboration with its internal teams. Initially focused on cybersecurity, the council will expand to other frontier capability domains in the future.

Council members will provide guidance on defining the line between useful, responsible AI capabilities and those that carry high misuse risks. Their insights will directly inform OpenAI’s model evaluations and safeguard development. More details about the council will be shared in the coming months.

(4) Industry Collaboration: Addressing Cross-Lab Risks Collectively

OpenAI anticipates that cyber misuse could be enabled by any frontier AI model across the industry. To tackle this industry-wide challenge, it collaborates with other leading labs through the Frontier Model Forum—a nonprofit supported by top AI labs and industry partners—to build a shared understanding of threat models and best practices.

Within this forum, threat modeling plays a critical role in risk mitigation by:

• Identifying how AI capabilities could be weaponized
• Pinpointing key bottlenecks for different types of threat actors
• Assessing how frontier models might amplify attack capabilities

This collaboration aims to create a unified, ecosystem-wide view of threat actors and attack pathways, enabling labs, maintainers, and defenders to improve their mitigations and ensure critical security insights spread quickly across the sector. OpenAI is also partnering with external teams to develop standardized cybersecurity evaluations for AI models, with the goal of building an ecosystem of independent assessments to foster shared understanding of model capabilities.

5. Long-Term Commitment: Making AI a Force for Good in Cybersecurity

These initiatives reflect OpenAI’s long-term commitment to strengthening the defensive side of the cyber ecosystem. As AI models grow more capable, the company’s priority is to ensure these advances translate into tangible leverage for defenders—grounded in real-world needs, informed by expert input, and deployed with careful safeguards.

Beyond its current programs, OpenAI plans to explore additional initiatives and cybersecurity grants to surface breakthrough ideas that may not emerge from traditional innovation pipelines. It also aims to crowdsource bold, creative defense strategies from academia, industry, and the open-source community.

This is an ongoing effort, and OpenAI expects to refine and evolve these programs as it gains deeper insights into what most effectively improves real-world cybersecurity.

FAQ: Common Questions About AI and Cyber Resilience

1. How does the advancement of AI cybersecurity capabilities impact ordinary users?

The improvement of AI’s cybersecurity capabilities ultimately strengthens the overall security of the digital world. For example, AI tools can detect and patch software vulnerabilities faster, making the apps and websites ordinary users rely on less vulnerable to hacks and better protecting their personal information.

2. How does the “defense-in-depth” approach balance security and usability?

It avoids overreliance on a single measure and instead combines access controls, monitoring, model training, and other tactics. For instance, it restricts access to high-risk capabilities while ensuring legitimate users can easily access the AI tools they need for defensive work, preventing over-restriction that would hinder useful applications.

3. Why is Aardvark offering free coverage to non-commercial open-source repositories?

Open-source software forms the backbone of much of the digital infrastructure, and its security has far-reaching impacts. Providing free Aardvark services to non-commercial open-source repositories enhances the security of the entire open-source ecosystem, benefiting all users who depend on open-source tools.

4. How will the Frontier Risk Council’s input affect ordinary users’ access to AI tools?

The council’s guidance will help define the appropriate boundaries of AI capabilities, ensuring the tools released are both powerful and secure. Ordinary users will face fewer unnecessary restrictions on functionality while being protected from the indirect risks of AI misuse.

5. What is the significance of collaboration between different AI labs?

Cyber threats are global, and individual labs’ efforts are limited. Collaboration allows for the sharing of threat intelligence and best practices, avoiding redundant work and accelerating the development of industry-wide security standards. This makes it easier to address cross-platform cyber misuse risks effectively.