OpenAI may gate new model

OpenAI is reportedly preparing to release a new model to only a small group of companies instead of putting it everywhere at once, because the model’s hacking ability is strong enough that wider access could be abused. Axios reported the plan on April 9, 2026, and said OpenAI is treating the rollout more like controlled access to a dangerous tool than a normal product launch. (axios.com) This did not come out of nowhere. On December 10, 2025, OpenAI said it was planning as if each new frontier model could hit “High” cybersecurity capability under its own Preparedness Framework. (openai.com) In OpenAI’s policy, “High” does not mean a chatbot writes slightly better phishing emails. It means a model could help develop working zero-day exploits against well-defended systems or materially assist in stealthy intrusions into enterprise or industrial targets. (openai.com) OpenAI says its cyber scores have been climbing fast. In capture-the-flag tests, which are timed hacking challenges used to measure security skill, the company said performance rose from 27% on GPT-5 in August 2025 to 76% on GPT-5.1-Codex-Max in November 2025. (openai.com) The company’s basic safety rule is simple: if a model crosses a dangerous threshold, deployment is supposed to wait until safeguards are in place. OpenAI’s Preparedness Framework says it will not deploy very capable models until it has built protections that sufficiently reduce the risk of severe harm. (cdn.openai.com) That is a change from the old pattern where a new model mostly meant a bigger public launch. OpenAI’s April 2025 system card for o3 and o4-mini said those models did not reach the “High” threshold in cybersecurity, which meant they could still be released under the normal process. (openai.com) The other reason this story matters is that OpenAI is not the only lab moving this way. Anthropic updated its Responsible Scaling Policy in February 2026 and built it around “if-then” commitments, where stronger model capabilities trigger stricter safeguards before launch. (anthropic.com) Anthropic has already started using that playbook in public. Amazon Web Services said on April 7, 2026 that Anthropic’s Claude Mythos Preview was being given early access only to organizations that build or maintain critical digital infrastructure, with AWS and a select customer group using it to find and patch vulnerabilities. (aws.amazon.com) So the new pattern is not “build a model, then post a demo.” The new pattern is “build a model, lock it down, hand it to a few defenders first, and see what breaks,” because the same system that can help patch software can also help break into it. (openai.com) If Axios’s report is right, OpenAI is about to make staged release a standard product feature for frontier models. That would mean the most powerful systems are no longer being treated like apps that need users on day one, but like dual-use infrastructure that may need licenses, screening, and limited distribution before the public ever touches them. (axios.com)