Visit our security portal to learn more about our security controls and compliance activities. ... The OpenAI API and ChatGPT business plans undergo regular third-party penetration testing to identify security weaknesses before they can be exploited by malicious actors.

2 days ago - OpenAI isn’t alone in recognizing that prompt-based injections aren’t going away. The U.K.’s National Cyber Security Centre earlier this month warned that prompt injection attacks against generative AI applications “may never be totally mitigated,” putting websites at risk of falling victim to data breaches.

It will oversee, among other things, the safety and security processes guiding OpenAI’s model development and deployment. The Safety and Security Committee will be briefed by company leadership on safety evaluations for major model releases, and will, along with the full board, exercise oversight over model launches, including having the authority to delay a release until safety concerns are addressed.

1 day ago - OpenAI said on Monday that prompt injection attacks, a cybersecurity risk unique to AI agents, are likely to remain a long-term security challenge.

September 12, 2024 - OpenAI's methodology, which involves ... requirements. A central concern regarding GDPR compliance is the potential use of personal data without explicit consent....

Learn how to implement safety measures like moderation, adversarial testing, human oversight, and prompt engineering to ensure responsible AI deployment.

July 12, 2024 - The stakes around safety, according to OpenAI and others studying the emergent technology, are immense. “Current frontier AI development poses urgent and growing risks to national security,” a report commissioned by the US State Department ...

July 9, 2025 - The beefed-up security includes “information tenting” policies that limit staff access to sensitive algorithms and new products, the report said. For example, during development of OpenAI’s o1 model, only verified team members who had ...

If the services that Supplier provides involve Access to Covered Data of OpenAI or its affiliates, then Supplier represents and warrants that: (i) neither it nor any of its affiliates is or will be organized or chartered in a Country of Concern, has or will have its principal place of business in a Country of Concern, or is or will be 50% or more owned, directly or indirectly, individually or in the aggregate, by one or more Countries of Concern or Covered Persons; and (ii) neither Supplier, nor any of its affiliates, nor any employee or contractor of Supplier who has Access to such Covered Data is or will be located in a Country of Concern, has been determined by the U.S.

July 8, 2025 - Artificial intelligence group has added fingerprint scans and hired military experts to protect important data

1 day ago - It is quite clear that OpenAI is not assuring users about the risks posed by these attacks on its AI browser but any long term fix for these risks will help in a big way, not only for Atlas but other similar browsers.

... The information that may have been affected here could be used as part of phishing or social engineering attacks against you or your organization. Since names, email addresses, and OpenAI API metadata (e.g., user IDs) were included, we encourage ...

10 hours ago - What concerns security leaders is the gap between this reality and enterprise readiness. A VentureBeat survey of 100 technical decision-makers found that 34.7% of organizations have deployed dedicated prompt injection defenses. The remaining 65.3% either haven't purchased these tools or couldn't confirm they have. The threat is now officially permanent. Most enterprises still aren’t equipped to detect it, let alone stop it. OpenAI's defensive architecture deserves scrutiny because it represents the current ceiling of what's possible.

2 days ago - OpenAI admits Atlas AI browser and similar tools will never be fully secure from prompt injection attacks that exploit hidden commands in web content.

OpenAI states that all customer data is encrypted both in transit and at rest. This prevents unauthorized access to sensitive information. They also comply with SOC 2 Type 2 standards.

1 day ago - However, some cybersecurity experts are skeptical that OpenAI’s approach can address the fundamental problem. “What concerns me is that we’re trying to retrofit one of the most security-sensitive pieces of consumer software with a technology that’s still probabilistic, opaque, and easy ...

2 weeks ago - What they're saying: "What I would explicitly call out as the forcing function for this is the model's ability to work for extended periods of time," OpenAI's Fouad Matin told Axios in an exclusive interview. These kinds of brute force attacks that rely on this extended time are more easily defended, Matin says. "In any defended environment this would be caught pretty easily," he added. The big picture: Leading models are getting better at finding security vulnerabilities — and not just models from OpenAI.

2 weeks ago - OpenAI on Wednesday warned that its upcoming artificial intelligence models could pose a "high" cybersecurity risk, as their capabilities advance rapidly.

2 days ago - OpenAI says prompt injection attacks remain unsolved, long-term security risk for AI-powered browsers like its Atlas agent, despite ongoing defensive upgrades.