{"id":15317,"date":"2025-12-12T01:11:50","date_gmt":"2025-12-12T01:11:50","guid":{"rendered":"https:\/\/newestek.com\/?p=15317"},"modified":"2025-12-12T01:11:50","modified_gmt":"2025-12-12T01:11:50","slug":"openai-expands-defense-in-depth-security-to-stop-hackers-using-its-ai-models-to-launch-cyberattacks","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=15317","title":{"rendered":"OpenAI expands \u2018defense in depth\u2019 security to stop hackers using its AI models to launch cyberattacks"},"content":{"rendered":"
\n
\n
\n
\n
\n
\n
<\/div>\n<\/section>\n

OpenAI is preparing for the possibility that threat groups will try to abuse its increasingly powerful AI frontier models to carry out sophisticated cyberattacks.<\/p>\n

In a blog, the company describes<\/a> how the evolving capabilities of its models could be used to \u201cdevelop working zero-day remote exploits against well-defended systems, or meaningfully assist with complex, stealthy enterprise or industrial intrusion operations aimed at real-world effects.\u201d<\/p>\n

According to OpenAI, the underlying problem is that offensive and defensive uses of AI rely on the same knowledge and techniques. This makes it challenging to enable one without making possible the other. <\/p>\n

\u201cWe are investing in safeguards to help ensure these powerful capabilities primarily benefit defensive uses and limit uplift for malicious purposes,\u201d the company said, adding, \u201cwe see this work not as a one-time effort, but as a sustained, long-term investment in giving defenders an advantage and continually strengthening the security posture of the critical infrastructure across the broader ecosystem.\u201d<\/p>\n

One new initiative is the Frontier Risk Council. The company offered few details of how this will operate, but said it was part of an expanding \u201cdefense in depth\u201d strategy designed to contain the widely-speculated potential of AI as an adversarial tool.<\/p>\n

\u201cMembers will advise on the boundary between useful, responsible capability and potential misuse, and these learnings will directly inform our evaluations and safeguards. We will share more on the council soon\u201d OpenAI said. \u00a0<\/p>\n

Other initiatives mentioned in the blog include expanding guardrails against misuse, external Red Team testing to assess model security, and a trusted access program designed to give qualifying customers access to enhanced models to explore defensive use cases.<\/p>\n

OpenAI also plans to expand its use of its recently announced Aardvark Agentic Security Researcher scanning tool<\/a> beta to identify vulnerabilities in its codebase and suggest patches or mitigations.<\/p>\n

Red Teaming AI<\/h2>\n

AI companies find themselves under increasing pressure to explain how they will block model misuse. The anxiety is not hypothetical; last month, OpenAI rival Anthropic admitted<\/a> that its AI programming tool, Claude Code, had been used as part of a cyberattack targeting 30 organizations, the first time malicious AI exploitation has been discovered on this scale.<\/p>\n

Meanwhile, university researchers in the US reported this week that the Artemis AI research platform outperformed nine out of ten penetration testers<\/a> at finding security vulnerabilities. As the team pointed out, it did this at a fraction of the cost of a human researcher, potentially expanding access to such capabilities beyond well-resourced criminals.<\/p>\n

Balancing this is the possibility that defenders could use AI to find the same vulnerabilities. OpenAI\u2019s blog alludes to this capability when it mentions testing its models against the Red Teaming Network<\/a> it announced two years ago.<\/p>\n

The reaction of industry experts to OpenAI\u2019s latest announcement has been mixed. A recurring worry is the inherent difficulty of stopping malicious use of leading models.<\/p>\n

\u201cOpenAI is asking models to constrain their own capabilities through refusal training, which can be compared to asking a lock to decide when it should open,\u201d commented Jesse Williams<\/a>, co-founder and COO of AI agent DevOps company, Jozu. In effect, the model, not its human authors, defines what is harmful.<\/p>\n

\u201cThe distinction is intent and authorization, which models cannot infer from prompts. Jailbreaks consistently defeat refusal training, and sophisticated adversaries will probe detection boundaries and route around them. Safeguards reduce casual misuse, but won\u2019t stop determined threats,\u201d said Williams.<\/p>\n

\u201cOpenAI\u2019s \u2018trusted access program\u2019 sounds reasonable until you examine implementation. Who qualifies as trusted? University researchers? Defense contractors? Foreign SOC analysts?\u201d<\/p>\n

According to Rob Lee<\/a>, chief AI officer at the SANS Institute, the problem of AI misuse can\u2019t be solved by one company on its own \u2013 not even the mighty OpenAI. \u201cCompanies are pushing models that can autonomously discover or weaponize vulnerabilities, but the global safety ecosystem \u2014 governments, frontier labs, researchers, and standards bodies \u2014 is fragmented and uncoordinated,\u201d said Lee.<\/p>\n

\u201cThe result is a widening gap where speed becomes its own vulnerability, creating conditions for cascading failures across infrastructure, finance, healthcare, and critical systems.\u201d<\/p>\n

Not all experts are this pessimistic. According to Allan Liska<\/a>, threat intelligence analyst at Recorded Future, it is important not to exaggerate the threat posed by AI. \u201cWhile we have reported an uptick in interest and capabilities of both nation-state and cybercriminal threat actors when it comes to AI usage, these threats do not exceed the ability of organizations following best security practices,\u201d said Liska.<\/p>\n

\u201cThat may change in the future, however, at this moment it is more important than ever to understand the difference between hype and reality when it comes to AI and other threats.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

OpenAI is preparing for the possibility that threat groups will try to abuse its increasingly powerful AI frontier models to carry out sophisticated cyberattacks. In a blog, the company describes how the evolving capabilities of its models could be used to \u201cdevelop working zero-day remote exploits against well-defended systems, or meaningfully assist with complex, stealthy enterprise or industrial intrusion operations aimed at real-world effects.\u201d According… <\/p>\n

Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-15317","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15317","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15317"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15317\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15317"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15317"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15317"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}