OpenAI pivots to security and legal cover

OpenAI is reportedly building a cybersecurity product that will not go to the public first. Axios reported on April 9 that the company plans to offer the tool only to a small set of partners, which puts it in the same lane as Anthropic’s new locked-down security model. (axios.com) That restricted rollout is the point, not a side detail. Axios said model makers now think artificial intelligence systems have crossed a threshold where hacking ability and autonomy are strong enough that releasing them widely can create immediate abuse risks. (axios.com) The comparison target is Anthropic’s Claude Mythos Preview, announced on April 7. Anthropic said the model is unusually good at finding software weaknesses, so it gave access to a limited group of companies for defensive work instead of putting it on the open market. (cnbc.com) Anthropic named Microsoft, Amazon, Apple, CrowdStrike, and Palo Alto Networks among the first users, and said more than 40 companies joined the program it calls Project Glasswing. The idea is to let big defenders test the tool before attackers can get the same capability at scale. (cnbc.com) OpenAI then signaled that it has its own internal systems it is not comfortable releasing. Gizmodo reported on April 9 that OpenAI pointed to a separate unreleased tool while discussion around Anthropic’s model was heating up, framing it as something too risky for public launch right now. (gizmodo.com) That is a sharp change from the old artificial intelligence sales pitch, where the race was about who could ship the most capable chatbot to the most people. In this version of the market, the most valuable model can look less like a consumer app and more like a sensitive instrument that gets handed out behind closed doors. (axios.com) (cnbc.com) At the same time, OpenAI is trying to narrow the legal blast radius if one of these systems is used in a disaster. Wired reported on April 10 that the company backed Illinois Senate Bill 3444, a proposal that would shield frontier model developers from many lawsuits over catastrophic harms if they did not act intentionally or recklessly and if they published safety and transparency reports. (wired.com) (ilga.gov) The Illinois bill sets a very high bar for the harms it covers. Bill trackers summarizing Senate Bill 3444 say “critical harms” include events like the death or serious injury of 100 or more people, at least $1 billion in property damage, or the creation or use of chemical, biological, radiological, or nuclear weapons. (legiscan.com) (qz.com) It also targets only the biggest labs. The bill defines a frontier model partly by training cost, with summaries of the measure describing a threshold above $100 million in compute expense, which is a club that points at OpenAI, Anthropic, Google, Meta, and xAI rather than ordinary software companies. (legiscan.com) (wired.com) Put those two moves together and the shape of the business changes. OpenAI appears to be building high-end security tools for a small trusted circle while also supporting rules that reduce liability if frontier systems cause extreme damage, which is what a company does when its products are starting to look less like websites and more like regulated infrastructure. (axios.com) (wired.com)