OpenAI Slows Down: Why the AI Giant Is Holding Back Its Most Powerful Model Over Cybersecurity Fears

OpenAI is restricting the release of its powerful o3 model after internal safety evaluations revealed elevated cybersecurity capabilities that could help malicious actors exploit software vulnerabilities, marking a rare instance of the company choosing caution over speed.
OpenAI Slows Down: Why the AI Giant Is Holding Back Its Most Powerful Model Over Cybersecurity Fears
Written by Maya Perez

OpenAI has decided to pump the brakes. The company that has spent the past two years racing to release increasingly powerful artificial intelligence models is now deliberately slowing its rollout of a new system — not because the technology isn’t ready, but because it might be too capable for comfort.

The model in question is codenamed o3, and according to Slashdot, OpenAI plans to limit its release due to concerns that the system could help malicious actors carry out cyberattacks. It’s a striking admission from a company that has generally defaulted to speed over caution. And it signals a growing tension inside the AI industry between the commercial imperative to ship fast and the dawning recognition that these tools can cause real, measurable harm when they land in the wrong hands.

The concern is specific. OpenAI’s internal safety evaluations reportedly found that o3 demonstrated an elevated ability to assist with certain cybersecurity tasks — including identifying and exploiting software vulnerabilities. That doesn’t mean the model can autonomously hack into systems. Not yet. But it means a moderately skilled attacker could use it to accelerate their work in ways that previous models couldn’t enable.

This distinction matters. The cybersecurity threat from AI has long been discussed in theoretical terms, often wrapped in apocalyptic language about superintelligent systems launching attacks of their own volition. The reality, at least for now, is far more mundane and arguably more dangerous precisely because of that. AI models don’t need to be autonomous hackers to be useful to hackers. They just need to lower the barrier to entry — to make it easier for someone with moderate technical skills to find exploits, craft phishing campaigns, or write malicious code that would previously have required deep expertise.

OpenAI’s decision to gate the release of o3 reflects this more grounded understanding of the risk. According to reporting from the Financial Times, the company is working with external cybersecurity researchers to evaluate the model’s capabilities before making it widely available. The plan involves a phased rollout, with access initially restricted to vetted partners and security professionals who can stress-test the system under controlled conditions.

Sam Altman, OpenAI’s CEO, has publicly acknowledged the tension. In recent statements, he’s framed the company’s approach as an attempt to balance the enormous commercial demand for more powerful models against the responsibility to avoid unleashing tools that could be weaponized. It’s a fine line, and critics have questioned whether OpenAI — a company that has raised over $13 billion from Microsoft and is aggressively pursuing revenue — is truly capable of choosing safety over speed when the stakes are this high.

The skepticism isn’t unfounded. OpenAI’s track record on safety has been, to put it charitably, inconsistent. The company was founded as a nonprofit research lab with an explicit mission to develop AI safely for the benefit of humanity. It has since restructured into a capped-profit entity, fired and then rehired its CEO in a dramatic boardroom coup, and seen the departure of multiple senior safety researchers who expressed concerns about the company’s direction. Ilya Sutskever, the former chief scientist who was instrumental in the brief ouster of Altman in late 2023, left the company entirely. Jan Leike, who co-led OpenAI’s superalignment team, departed in May 2024 and publicly stated that safety had taken a back seat to “shiny products.”

So when OpenAI says it’s slowing down a release for safety reasons, the natural question is: why now?

One answer is that the technology has genuinely crossed a threshold. The o3 model represents a significant step up in reasoning capability compared to its predecessors. OpenAI’s earlier “o” series models — o1 and o1-mini — introduced what the company calls “chain-of-thought” reasoning, where the model works through problems step by step rather than generating answers in a single pass. The o3 model reportedly extends this capability substantially, allowing it to tackle more complex, multi-step tasks with greater accuracy. In the context of cybersecurity, that means the model can reason through attack chains, identify non-obvious connections between vulnerabilities, and suggest exploitation strategies that a simpler model would miss.

Another answer is regulatory pressure. Governments around the world are moving — slowly, unevenly, but moving — toward AI regulation. The European Union’s AI Act, which entered into force in stages beginning in 2024, imposes specific obligations on developers of general-purpose AI models, including requirements for risk assessment and transparency. In the United States, the approach has been less prescriptive, but the Biden administration’s executive order on AI safety in October 2023 established reporting requirements for companies developing models above certain computational thresholds. The Trump administration, which took office in January 2025, has signaled a more industry-friendly posture, but even within that framework, cybersecurity risks remain a bipartisan concern.

OpenAI may also be responding to competitive dynamics. Anthropic, its most direct rival, has made safety a central part of its brand identity, publishing detailed evaluations of its models’ potential for misuse and implementing what it calls a “responsible scaling policy” that ties model releases to specific safety benchmarks. Google DeepMind has similarly invested in red-teaming and adversarial testing. By publicly restricting the release of o3, OpenAI is sending a signal — to regulators, to enterprise customers, and to the broader public — that it takes these risks seriously. Whether that signal reflects genuine conviction or strategic positioning is a question only time will answer.

The cybersecurity implications of advanced AI models extend well beyond any single company’s decisions. A Microsoft Threat Intelligence report published in early 2024 documented cases of state-affiliated threat actors — including groups linked to Russia, China, Iran, and North Korea — using large language models to research vulnerabilities, draft phishing emails, and develop scripts for malicious purposes. Microsoft and OpenAI jointly disrupted several of these operations, but the report made clear that the use of AI by adversaries is not a hypothetical future concern. It’s happening now.

The challenge is asymmetric. Defenders need to protect every possible entry point. Attackers only need to find one. AI tools that accelerate vulnerability discovery tilt this balance further in favor of the attacker, at least in the near term. Security researchers have long used automated tools to find bugs — that’s the entire basis of the vulnerability disclosure and bug bounty industry. But there’s a meaningful difference between a tool used by a trained professional operating within legal and ethical boundaries and the same tool made available to anyone with an internet connection and unclear intentions.

This is the crux of the dual-use problem that haunts AI development. The same capabilities that make a model useful for legitimate cybersecurity work — scanning code for vulnerabilities, analyzing network traffic, identifying patterns in attack data — also make it useful for offensive operations. There’s no clean technical line between the two. And content filters, while helpful, are imperfect. Researchers have repeatedly demonstrated that safety guardrails on large language models can be bypassed through techniques like prompt injection, jailbreaking, and fine-tuning on adversarial datasets.

OpenAI’s phased approach to the o3 release is, in this context, a pragmatic acknowledgment of a problem the company can’t fully solve. Restricting access buys time. It allows external evaluators to probe the model’s capabilities, identify the most dangerous use cases, and develop mitigations before the system is widely deployed. But it’s a temporary measure. Once a model’s architecture and training methodology are understood — and in the open-source AI community, this knowledge spreads fast — the genie is effectively out of the bottle.

Meta’s decision to open-source its Llama family of models adds another dimension. Open models can be fine-tuned by anyone, for any purpose, without the guardrails that companies like OpenAI and Anthropic impose on their commercial APIs. This doesn’t make open-source AI inherently more dangerous — the security community has benefited enormously from open models — but it does mean that the control mechanisms available to a closed-model provider like OpenAI are not the only game in town. If OpenAI restricts o3, a sufficiently motivated actor could simply turn to an open-source alternative, or wait for a competitor to release something comparable without the same restrictions.

This dynamic creates a collective action problem. No single company’s restraint can prevent the misuse of AI for cyberattacks if other developers don’t exercise similar caution. And the incentive structure of the AI industry — where being first to market with the most powerful model translates directly into revenue, talent acquisition, and investor confidence — works against collective restraint.

Still, OpenAI’s move is significant. Not because it solves the problem. Because it forces the conversation.

The company is essentially saying: we built something that’s good enough at offensive cybersecurity tasks that we’re not comfortable releasing it without additional safeguards. That’s a data point. It tells us something about where the capability curve is heading and how quickly the gap between AI-assisted and human-only offensive operations is closing. For CISOs, for policymakers, for anyone responsible for defending digital infrastructure, that’s information worth paying attention to.

The broader question is whether the industry will develop governance structures capable of managing these risks before the technology outpaces them. The track record on this front is not encouraging. Social media platforms spent a decade scaling before meaningful content moderation frameworks emerged. Cloud computing grew explosively before shared responsibility models for security were standardized. AI is moving faster than either of those technologies did, and the potential consequences of getting it wrong are at least as severe.

OpenAI’s decision to hold back o3 is a small, imperfect step in the right direction. It won’t stop nation-state hackers. It won’t prevent the eventual proliferation of AI-powered offensive tools. But it establishes a precedent — the idea that a model’s capabilities should be evaluated against specific, real-world threat scenarios before it’s released, and that commercial considerations shouldn’t automatically override safety concerns.

Whether that precedent holds is another matter entirely. The next model is always just months away. And the pressure to ship never lets up.

Subscribe for Updates

AISecurityPro Newsletter

A focused newsletter covering the security, risk, and governance challenges emerging from the rapid adoption of artificial intelligence.

By signing up for our newsletter you agree to receive content related to ientry.com / webpronews.com and our affiliate partners. For additional information refer to our terms of service.

Notice an error?

Help us improve our content by reporting any issues you find.

Get the WebProNews newsletter delivered to your inbox

Get the free daily newsletter read by decision makers

Subscribe
Advertise with Us

Ready to get started?

Get our media kit

Advertise with Us