OpenAI's most capable cyber models come with a bouncer, and this month the company published the reason the bouncer exists.
The paper argued on June 27 that the gate is a state-like power exercised without a statute — one firm deciding, case by case, who is trusted enough to use offensively-capable software. The capability behind that gate is no longer abstract. In a December 2025 post, OpenAI reported that performance on capture-the-flag hacking challenges rose from 27 percent on GPT-5 in August 2025 to 76 percent on a later model in a matter of months. [1] A tool that solved roughly a quarter of these problems now solves three in four. That curve is why the access question stopped being theoretical.
OpenAI's answer is a door it controls. In February 2026 it introduced "Trusted Access for Cyber," an identity- and trust-based framework placing its strongest cyber models behind verification, paired with $10 million in API credits to accelerate defense. [2] The December post adds the surrounding machinery — a Frontier Risk Council, a defensive agent called Aardvark, shared threat models with industry. [1] Each measure is plausible. Together they describe a single company writing the rules for a dual-use technology it also builds and benchmarks.
On X, this lands as a morality play. One camp calls it censorship, OpenAI hoarding power tools. Another calls it safety theater, a verification step that inconveniences researchers while doing little against well-resourced attackers. Both miss what the documents establish: governance. Who may use the most dangerous category of model is now an OpenAI decision, on criteria it sets and can change, without a regulator or an appeal. [2]
This is the divergence the paper keeps. X argues access as free expression. Mainstream coverage — Wired, the wires — reports the cyber-capability race between labs. The under-covered story is the quiet transfer of a public function to a private one, and the 27-to-76 jump is what gives that transfer its urgency: the more capable the model, the more consequential the gatekeeper. [1]
The gate may be wise. Concentrating that judgment in one company — the same company that decides when a capability is dangerous enough to gate — is still a choice with consequences, and it deserves more scrutiny than either the censorship thread or the safety-theater dunk provides. Until a feed reads the policy as governance, it is arguing about a doorway while a company quietly decides who walks through. [2]
-- ANNA WEBER, Berlin