According to CEO Sam Altman, the new features will begin rolling out as early as next week. With these updates, Codex will, for the first time, reach the “High” level of cybersecurity risk under OpenAI’s internal risk framework. Only one higher category exists above it: “Critical.”
Under OpenAI’s policies, a “High” risk level means that an AI model is capable of removing existing barriers to cyberattacks. This includes automating attacks on well-protected targets or automatically discovering and exploiting security vulnerabilities. Such capabilities could disrupt the balance between cyber offense and defense and significantly increase the volume of cyberattacks worldwide.
To mitigate these risks, OpenAI plans to introduce product limitations to prevent misuse of Codex for cybercrime. Over the longer term, the company intends to focus on strengthening defensive capabilities by helping developers identify and fix vulnerabilities more quickly.
Altman stressed that deploying powerful AI tools responsibly and early is critical to improving software security, as even more capable models are expected to emerge soon. In OpenAI’s view, withholding advanced AI is not a viable solution, and accelerating defensive innovation is the better path forward.
At the highest “Critical” risk level, AI systems could autonomously discover and exploit zero-day vulnerabilities across hardened and critical systems, or independently design and execute novel cyberattack strategies without human guidance. Such capabilities could enable attacks on military, industrial, or critical infrastructure systems — potentially leading to catastrophic consequences.
OpenAI emphasizes that its current safeguards aim to prevent models from reaching that level of autonomous offensive capability, while prioritizing responsible deployment and security-first development.
ES 
EN