OpenAI just published a blog post about how they keep ChatGPT safe. It’s one of those pieces that sounds like corporate reassurance at first read, but if you dig past the PR polish, there’s some genuinely interesting stuff about how they’re tackling the constant cat-and-mouse game of AI safety.
Let’s start with the model safeguards. OpenAI has been layering safety training into the model itself for a while now. The idea is simple: before ChatGPT even generates a response, the model has been fine-tuned to avoid certain topics or tones. They call this “instruction hierarchy,” which is a fancy way of saying the model knows that safety rules override user requests. If you ask it to write a phishing email, the model should refuse because the safety instruction sits above the “follow user’s request” instruction. That’s been around for a while, but they claim they’ve gotten better at it. I’d believe that—anyone who’s used ChatGPT in the last six months can tell you it’s harder to jailbreak than it used to be.
But safeguards alone aren’t enough. OpenAI also runs real-time misuse detection. Every time you send a prompt to ChatGPT, it passes through a classification system that flags anything suspicious. This isn’t the model itself deciding—it’s a separate layer that looks for known patterns of abuse. If the classifier sees something that looks like a jailbreak attempt or a request for harmful content, it can block the response before the model even starts generating. This is where the cat-and-mouse part comes in. People keep finding new ways to phrase things that slip past the classifiers, so OpenAI has to constantly update those patterns. I’ve seen some of the jailbreak attempts floating around on forums, and honestly, some of them are clever. But OpenAI’s team is clearly watching, because those tricks usually stop working within a week or two.
Policy enforcement is the third leg of the stool. OpenAI has a usage policy that bans certain things—hate speech, harassment, illegal activity, and so on. They enforce this through a combination of automated systems and human reviewers. The automated part catches the obvious stuff, but borderline cases get escalated to actual people. That’s expensive and slow, but it’s necessary. No classifier is perfect, and false positives can be frustrating for users who get blocked for something innocent. I’ve had that happen once or twice, and it’s annoying, but I’d rather have that than the alternative.
What I find most interesting is their collaboration with external safety experts. OpenAI has a Safety Advisory Group that includes researchers from outside the company. They also do red-teaming exercises where they hire people to try to break the system. This isn’t new—they’ve done this since GPT-3 days—but they’ve expanded it significantly. They also publish some of their safety research, though not all of it. I wish they were more transparent about the specific vulnerabilities they’ve found, but I understand the tension: if you publish a jailbreak method, you’re basically handing out instructions to bad actors.
One thing that bothers me is the lack of specifics on how many violations they actually catch. The post talks about “improving detection rates” but doesn’t give numbers. How many harmful requests get through? What’s the false positive rate? I get that they don’t want to reveal too much, but a little more transparency would build trust. The whole post feels like a status report for investors and regulators, not for the users who actually interact with the system every day.
Still, I’ll give them credit for acknowledging the challenges. They mention that safety is an ongoing process, not a one-time fix. That’s honest. AI safety isn’t something you solve and move on from. It’s a continuous arms race between defenders and attackers, and OpenAI is putting real resources into staying ahead. Whether that’s enough depends on how much you trust a company that’s also racing to deploy the next generation of models.
At the end of the day, this post is a reminder that safety in AI is messy. There’s no magic bullet. It’s a combination of technical safeguards, human oversight, and constant iteration. And it’s never going to be perfect. But at least they’re trying, which is more than some companies in this space can say.
Comments (0)
Login Log in to comment.
Be the first to comment!