Enterprises, keen to make sure any AI fashions they use adhere to security and safe-use insurance policies, fine-tune LLMs so they don’t reply to undesirable queries.
Nonetheless, a lot of the safeguarding and purple teaming occurs earlier than deployment, “baking in” insurance policies earlier than customers totally take a look at the fashions’ capabilities in manufacturing. OpenAI believes it will probably supply a extra versatile choice for enterprises and encourage extra firms to usher in security insurance policies.
The corporate has launched two open-weight fashions underneath analysis preview that it believes will make enterprises and fashions extra versatile when it comes to safeguards. gpt-oss-safeguard-120b and gpt-oss-safeguard-20b shall be out there on a permissive Apache 2.0 license. The fashions are fine-tuned variations of OpenAI’s open-source gpt-oss, launched in August, marking the primary launch within the oss household for the reason that summer season.
In a weblog publish, OpenAI mentioned oss-safeguard makes use of reasoning “to directly interpret a developer-provider policy at inference time — classifying user messages, completions and full chats according to the developer’s needs.”
The corporate defined that, for the reason that mannequin makes use of a chain-of-thought (CoT), builders can get explanations of the mannequin's choices for evaluation.
“Additionally, the policy is provided during inference, rather than being trained into the model, so it is easy for developers to iteratively revise policies to increase performance," OpenAI said in its post. "This approach, which we initially developed for internal use, is significantly more flexible than the traditional method of training a classifier to indirectly infer a decision boundary from a large number of labeled examples."
Developers can download both models from Hugging Face.
Flexibility versus baking in
At the onset, AI models will not know a company’s preferred safety triggers. While model providers do red-team models and platforms, these safeguards are intended for broader use. Companies like Microsoft and Amazon Web Services even offer platforms to bring guardrails to AI applications and agents.
Enterprises use safety classifiers to help train a model to recognize patterns of good or bad inputs. This helps the models learn which queries they shouldn’t reply to. It also helps ensure that the models do not drift and answer accurately.
“Traditional classifiers can have high performance, with low latency and operating cost," OpenAI said. "But gathering a sufficient quantity of training examples can be time-consuming and costly, and updating or changing the policy requires re-training the classifier."
The models takes in two inputs at once before it outputs a conclusion on where the content fails. It takes a policy and the content to classify under its guidelines. OpenAI said the models work best in situations where:
The potential harm is emerging or evolving, and policies need to adapt quickly.
The domain is highly nuanced and difficult for smaller classifiers to handle.
Developers don’t have enough samples to train a high-quality classifier for each risk on their platform.
Latency is less important than producing high-quality, explainable labels.
The company said gpt-oss-safeguard “is different because its reasoning capabilities allow developers to apply any policy,” even ones they’ve written throughout inference.
The fashions are primarily based on OpenAI’s inner software, the Security Reasoner, which permits its groups to be extra iterative in setting guardrails. They usually start with very strict security insurance policies, “and use relatively large amounts of compute where needed,” then modify insurance policies as they transfer the mannequin by way of manufacturing and danger assessments change.
Performing security
OpenAI mentioned the gpt-oss-safeguard fashions outperformed its GPT-5-thinking and the unique gpt-oss fashions on multipolicy accuracy primarily based on benchmark testing. It additionally ran the fashions on the ToxicChat public benchmark, the place they carried out nicely, though GPT-5-thinking and the Security Reasoner barely edged them out.
However there may be concern that this strategy may convey a centralization of security requirements.
“Safety is not a well-defined concept. Any implementation of safety standards will reflect the values and priorities of the organization that creates it, as well as the limits and deficiencies of its models,” mentioned John Thickstun, an assistant professor of pc science at Cornell College. “If industry as a whole adopts standards developed by OpenAI, we risk institutionalizing one particular perspective on safety and short-circuiting broader investigations into the safety needs for AI deployments across many sectors of society.”
It also needs to be famous that OpenAI didn’t launch the bottom mannequin for the oss household of fashions, so builders can not totally iterate on them.
OpenAI, nonetheless, is assured that the developer group can assist refine gpt-oss-safeguard. It is going to host a Hackathon on December 8 in San Francisco.
