OraCore Editors | 5 min read

5 ways AI models are getting too risky

5 ways frontier AI is becoming harder to release, from trusted access programs to government oversight and open-source diffusion.


Frontier AI companies are increasingly limiting access to their most capable models because of misuse risks.

OpenAI’s GPT-Rosalind, announced April 16, outperforms public models on chemistry, biology, and experimental design, yet is limited to trusted users. That choice is part of a wider shift in how powerful AI gets released.

| Item | Access model | Risk focus |
| --- | --- | --- |
| GPT-Rosalind | Trusted access program | Biology and chemistry misuse |
| Claude Mythos | Qualified customers | Cyber and dual-use tasks |
| GPT-5.4-Cyber | Restricted release | Cybersecurity abuse |
| Open-source frontier models | Public download | Fast diffusion of capabilities |

1. Trusted access is becoming the default for the best models

OpenAI and Anthropic are no longer treating every new frontier model as a public launch. GPT-Rosalind and Claude Mythos were both held back from general release, with access limited to vetted users, partners, or organizations with internal controls.

That matters because it changes the product model itself. Instead of a broad consumer rollout, companies are increasingly using approval gates, usage review, and partner-only access to decide who gets the most capable systems.

  • OpenAI: “trusted access program” for GPT-Rosalind
  • Anthropic: “qualified customers” for Claude Mythos
  • Access review can include internal controls and partner screening

2. Biology is now a release-risk category

The clearest example in the article is life sciences. GPT-Rosalind is aimed at chemistry, biology, and experimental design, but those same strengths can also help with harmful biological work if misused.

That dual-use problem is why some chatbots already refuse prompts about risky viral mutations. The challenge is that legitimate research and harmful experimentation can look similar at the model level, which makes policy hard to write and harder to enforce.

  • Useful for: drug discovery, lab planning, research support
  • Risky for: pathogen optimization, harmful experimental design
  • Current practice: some systems block detailed COVID mutation questions

3. Cyber tools are easier to measure, and easier to restrict

Cybersecurity is the other major domain driving restrictions. Anthropic has used Claude Mythos with government agencies and private companies to find and patch vulnerabilities, but the same capability can help attackers probe systems.

Compared with biology, cyber risk is more concrete. As one expert in the article notes, it is easier to ask whether a model can crack existing systems than to predict a biological harm chain that may take far longer to unfold.

Examples of cyber-dual-use behavior:

  • finding vulnerabilities in software
  • generating exploit ideas
  • helping defenders patch systems faster
  • assisting attackers with reconnaissance

4. Government oversight is moving from theory to pressure

The article shows a growing argument that private companies should not make the final call on high-risk AI access. Rep. Mark DeSaulnier says the federal government has a role, while ControlAI’s Connor Leahy compares AI risk decisions to government rules on toxic pollution.

That debate is not abstract anymore. Anthropic’s relationship with the White House has reportedly improved, the NSA has begun using Claude Mythos, and the article suggests that these choices are becoming part of public policy, not just product strategy.

  • Supporters of oversight want external rules for release decisions
  • Companies argue trusted access can manage risk while expanding use
  • Policy disputes now include who counts as a legitimate researcher

5. Open-source models may spread frontier capabilities anyway

Even if companies lock down their strongest systems, open-source models may catch up fast. Epoch AI estimates open-source models have lagged leading proprietary systems by three to seven months, which means similar capabilities could appear publicly soon.

That creates a difficult tradeoff. Restricting access may slow diffusion for now, but if open models keep improving, the same capabilities could spread beyond any single company’s control. The article also notes that some unauthorized users may already have accessed Claude Mythos.

  • Open-source models can be downloaded and run freely
  • Lag behind proprietary models: about three to seven months
  • Risk: faster diffusion to attackers and fewer company controls

How to decide

If you care most about near-term policy, the biggest story is trusted access and government oversight. If you care about technical risk, cyber and biology are the two domains to watch first, since they already shape how companies decide who gets access.

If you are tracking where frontier AI goes next, watch open-source diffusion. Even with restrictions, the article’s core warning is that the newest models may not stay private for long, and the debate over who should control them is only getting bigger.