OpenAI may have violated California’s new AI safety law with the release of its latest coding model, according to allegations from an AI watchdog group.
A violation would potentially expose the company to millions of dollars in fines, and the case may become a precedent-setting first test of the new law’s provisions.
An OpenAI spokesperson disputed the watch dog’s position, telling Fortune the company was “confident in our compliance with frontier safety laws, including SB 53.”
The controversy centers on GPT-5.3-Codex, OpenAI’s newest coding model, which was released last week. The model is part of an effort by OpenAI to reclaim its lead in AI-powered coding and, according to benchmark data OpenAI released, shows markedly higher performance on coding tasks than earlier model versions from both OpenAI and competitors like Anthropic. However, the model has also raised unprecedented cybersecurity concerns.
CEO Sam Altman said the model was the first to hit the “high” risk category for cybersecurity on the company’s Preparedness Framework, an internal risk classification system OpenAI uses for model releases. This means OpenAI is essentially classifying the model as capable enough at coding to potentially facilitate significant cyber harm, especially if automated or used at scale.
AI watchdog group the Midas Project is claiming OpenAI failed to stick to its own safety commitments—which are now legally binding under California law—with the launch of the new high-risk model.
California’s SB 53, which went into effect in January, requires major AI companies to publish and stick to their own safety frameworks, detailing how they’ll prevent catastrophic risks—defined as incidents causing more than 50 deaths or $1 billion in property damage—from their models. It also prohibits these companies from making misleading statements about compliance.
OpenAI’s safety framework requires special safeguards for models with high cybersecurity risk that are designed to prevent the AI from going rogue and doing things like acting deceptively, sabotaging safety research, or hiding its true capabilities. However, the Midas Project said that despite triggering the “high risk” cybersecurity threshold, OpenAI didn’t appear to have implemented the specific misalignment safeguards before deployment.
OpenAI says the Midas Project’s interpretation of the wording in its Preparedness Framework is wrong, although it also said that the wording in the framework is “ambiguous” and that it sought to clarify the intent of the wording in that framework with a statement in the safety report the company released with GPT-5.3-Codex. In that safety report, OpenAI said that extra safeguards are only needed when high cyber risk occurs “in conjunction with” long-range autonomy—the ability to operate independently over extended periods. Since the company believes GPT-5.3-Codex lacks this autonomy, they say the safeguards weren’t required.
“GPT-5.3-Codex completed our full testing and governance process, as detailed in the publicly released system card, and did not demonstrate long-range autonomy capabilities based on proxy evaluations and confirmed by internal expert judgments, including from our Safety Advisory Group,” the spokesperson said. The company has also said, however, that it lacks a definitive way to assess a model’s long-range autonomy and so relies on tests that it believes can act as proxies for this metric while it works to develop better evaluation methods.
However, some safety researchers have disputed OpenAI’s interpretation. Nathan Calvin, vice president of state affairs and general counsel at Encode, said in a post on X: “Rather than admit they didn’t follow their plan or update it before the release, it looks like OpenAI is saying that the criteria was ambiguous. From reading the relevant docs … it doesn’t look ambiguous to me.”
The Midas Project also claims that OpenAI cannot definitively prove the model lacks the autonomy required for the extra measures, as the company’s previous, less advanced model already topped global benchmarks for autonomous task completion. The group argues that even if the rules were unclear, OpenAI should have clarified them before releasing the model.
Tyler Johnston, founder of Midas Project, called the potential violation “especially embarrassing given how low the floor SB 53 sets is: basically just adopt a voluntary safety plan of your choice and communicate honestly about it, changing it as needed, but not violating or lying about it.”
If an investigation is opened and the allegations prove accurate, SB 53 allows for substantial penalties for violations, potentially running into millions of dollars depending on the severity and duration of noncompliance. A representative for the California Attorney General’s Office told Fortune the department was “committed to enforcing the laws of our state, including those enacted to increase transparency and safety in the emerging AI space.” However, they said the department was unable to comment on, even to confirm or deny, potential or ongoing investigations.
Updated, Feb. 10: This story has been updated to move OpenAI’s statement that it believes that it is in compliance with the California AI law higher in the story. The headlines has also been changed to make clear that OpenAI is disputing the allegations from the watch dog group. In addition, the story has been updated to clarify that OpenAI’s statement in the GPT-5.3-Codex safety report was meant to clarify what the company says was ambiguous language in its Preparedness Framework.
