An OpenAI spokesperson disputed the watch dog’s position, telling Fortune the company was “confident in our compliance with frontier safety laws, including SB 53.”
The controversy centers on GPT-5.3-Codex, OpenAI’s newest coding model, which was released last week. The model is part of an effort by OpenAI to reclaim its lead in AI-powered coding and, according to benchmark data OpenAI released, shows markedly higher performance on coding tasks than earlier model versions from both OpenAI and competitors like Anthropic. However, the model has also raised unprecedented cybersecurity concerns.
AI watchdog group the Midas Project is claiming OpenAI failed to stick to its own safety commitments—which are now legally binding under California law—with the launch of the new high-risk model.
OpenAI says the Midas Project’s interpretation of the wording in its Preparedness Framework is wrong, although it also said that the wording in the framework is “ambiguous” and that it sought to clarify the intent of the wording in that framework with a statement in the safety report the company released with GPT-5.3-Codex. In that safety report, OpenAI said that extra safeguards are only needed when high cyber risk occurs “in conjunction with” long-range autonomy—the ability to operate independently over extended periods. Since the company believes GPT-5.3-Codex lacks this autonomy, they say the safeguards weren’t required.
“GPT-5.3-Codex completed our full testing and governance process, as detailed in the publicly released system card, and did not demonstrate long-range autonomy capabilities based on proxy evaluations and confirmed by internal expert judgments, including from our Safety Advisory Group,” the spokesperson said. The company has also said, however, that it lacks a definitive way to assess a model’s long-range autonomy and so relies on tests that it believes can act as proxies for this metric while it works to develop better evaluation methods.
The Midas Project also claims that OpenAI cannot definitively prove the model lacks the autonomy required for the extra measures, as the company’s previous, less advanced model already topped global benchmarks for autonomous task completion. The group argues that even if the rules were unclear, OpenAI should have clarified them before releasing the model.
Tyler Johnston, founder of Midas Project, called the potential violation “especially embarrassing given how low the floor SB 53 sets is: basically just adopt a voluntary safety plan of your choice and communicate honestly about it, changing it as needed, but not violating or lying about it.”
If an investigation is opened and the allegations prove accurate, SB 53 allows for substantial penalties for violations, potentially running into millions of dollars depending on the severity and duration of noncompliance. A representative for the California Attorney General’s Office told Fortune the department was “committed to enforcing the laws of our state, including those enacted to increase transparency and safety in the emerging AI space.” However, they said the department was unable to comment on, even to confirm or deny, potential or ongoing investigations.
Updated, Feb. 10: This story has been updated to move OpenAI’s statement that it believes that it is in compliance with the California AI law higher in the story. The headlines has also been changed to make clear that OpenAI is disputing the allegations from the watch dog group. In addition, the story has been updated to clarify that OpenAI’s statement in the GPT-5.3-Codex safety report was meant to clarify what the company says was ambiguous language in its Preparedness Framework.
