The decision to lock OpenAI's strongest cyber models rests on a threshold the company wrote for itself.
The paper argued on June 28 that OpenAI's cyber capability jumps while one company guards the door, noting that capture-the-flag hacking performance rose from 27 percent in August 2025 to 76 percent on a later model. [2] The door has a rulebook, and this is it. OpenAI's Preparedness Framework sets the capability categories and the thresholds at which a model triggers safeguards. Cybersecurity is one of its tracked categories, alongside biological and chemical risk and AI self-improvement, and the framework commits the company to evaluate, govern, and disclose the safeguards it applies. [1]
The gate follows the threshold. Once a model's cyber capability crosses the level the framework calls high, OpenAI's Trusted Access for Cyber places it behind identity verification, releasing the strongest models only to users it has vetted. [3] The framework decides when a capability is dangerous enough to restrict; the access program decides who clears the bar. Read together, they describe a complete governance system — measurement, threshold, and gate — run inside a single firm.
That is what both sides of the X argument miss. One camp calls the gate censorship, OpenAI hoarding power tools. Another calls it safety theater, a verification step that inconveniences researchers while doing little against well-resourced attackers. The documents establish something narrower and more consequential: the criteria that decide when the most dangerous category of model gets locked are set, tested, and revised by the same company that builds and benchmarks the model. [1]
This is the divergence the paper keeps. X argues access as free expression or as spectacle. Mainstream coverage — Wired, the wires — reports the cyber-capability race between labs, the 27-to-76 climb and who leads it. The under-covered story is the quiet substitution: a public standard for when offensive capability should be restricted does not exist, so a private threshold stands in its place, disclosed by the firm and changeable by it. [3]
The framework may be wise, and disclosure is better than silence. But a threshold that one company writes, measures against its own models, and can move without a regulator or an appeal is still a governing decision dressed as an engineering one. [1] Until a feed reads the framework as the rulebook it is, it is arguing about a doorway while a company quietly writes the rule for who walks through. [3]
-- ANNA WEBER, Berlin