OpenAI
AI
ModelPolicy,FrontierCyberRisk
Neural analysis suggests this role is
optimal for Mid+ candidates.
“Model Policy, Frontier Cyber Risk at OpenAI. Skills: cybersecurity, AI safety, threat modeling, policy development, evaluation science. Design and maintain model policies for cybersecurity and frontier-risk domains, especially dual-use and high-risk cyber capabilities.. Translate cybersecurity threat models into clear behavioral specifications, evaluation criteria, grading guidance, and system-level mitigations.”
What You'll Achieve.
aligns model behavior with desired human values and norms; driving rapid policy taxonomy iteration based on data; defining evaluation criteria for foundational models’ ability to reason about safety; define how OpenAI’s models should behave in high-risk cybersecurity contexts; develop policy frameworks, threat models, taxonomies, evaluations, and behavioral specifications that guide model behavior across training, deployment, and monitoring systems; build policies that are technically grounded, measurable, enforceable, and responsive to real-world cyber risk; operationalize policies into scalable model behavior and measurable safeguards; improve policy and evaluation quality over time; reducing real-world risk while preserving legitimate, beneficial, and defensive uses of AI
Industry & Context.
translating technical security expertise into structured policy frameworks; translating technical security expertise into evaluation criteria; translating technical security expertise into operational guidance; translating technical security expertise into enforcement mechanisms; using empirical evidence to inform policy decisions; systems thinking
hybrid model: three days in the office per week with optional work from home on Thursdays and Fridays.
What They're Looking For.
Must Have
technical expertise in cybersecurity, such as offensive security, defensive security, vulnerability research, malware analysis, incident response, threat intelligence, application security, exploit development, infrastructure security, or cloud security., judgment about how AI systems may affect the cyber threat landscape, including dual-use, autonomous, or agentic system risks., Ability to distinguish between legitimate security use cases and assistance that could materially enable harmful cyber activity., Experience building or applying threat models to complex technical systems, especially in adversarial or high-risk environments., Ability to translate technical security expertise into structured policy frameworks, evaluation criteria, operational guidance, and enforcement mechanisms., Comfort using empirical evidence, including evaluations, red-teaming results, deployment observations, and model failure modes, to inform policy decisions., systems thinking across policy, evaluations, classifiers, training, deployment safeguards, measurement, and monitoring., Ability to work cross-functionally with researchers, engineers, product teams, policy experts, and operational stakeholders., written communication skills, especially the ability to explain complex technical and security concepts clearly., A pragmatic approach to safety: focused on reducing real-world risk while preserving legitimate, beneficial, and defensive uses of AI.
What You'll Do.
Design and maintain model policies for cybersecurity and frontier-risk domains
especially dual-use and high-risk cyber capabilities.
Translate cybersecurity threat models into clear behavioral specifications
and system-level mitigations.
Define practical boundaries between legitimate security research
and assistance that could materially enable harmful activity.
Build policy artifacts that support implementation across training
and escalation systems.
Partner with safety researchers
and evaluation teams to operationalize policies into scalable model behavior and measurable safeguards.
Analyze red-teaming results
and ambiguous edge cases to improve policy and evaluation quality over time.
Identify emerging cyber capability areas where advanced AI systems could lower barriers to misuse or increase operational capability for malicious actors.
Contribute to system cards
and external communications on OpenAI’s approach to cyber risk mitigation.
How You'll Work.
Team & Collaboration
work closely with research, engineering, safety training, preparedness, and product teams; Partner with safety researchers, engineers, and evaluation teams; work cross-functionally with researchers, engineers, product teams, policy experts, and operational stakeholders
Communication Scope
written communication skills; ability to explain complex technical and security concepts clearly
Full Job Description
About the Team Our Safety Systems https://openai.com/safety/safety-systems team is at the forefront of OpenAI's mission to build and deploy safe AGI, driving our commitment to AI safety and fostering a culture of trust and transparency. Within Safety Systems, the Model Policy team aligns model behavior with desired human values and norms. We co-design policy with models and for models by driving rapid policy taxonomy iteration based on data and defining evaluation criteria for foundational models’ ability to reason about safety. About the Role Frontier AI systems are rapidly expanding what is possible in cybersecurity and software engineering. These capabilities create major defensive opportunities, but they also raise serious dual-use and misuse risks across areas such as malware development, exploit discovery, vulnerability chaining, credential abuse, cyber intrusion, and autonomous offensive operations. In this role, you will help define how OpenAI’s models should behave in high-risk cybersecurity contexts. You will develop policy frameworks, threat models, taxonomies, evaluations, and behavioral specifications that guide model behavior across training, deployment, and monitoring systems. This role sits at the intersection of cybersecurity, AI safety, threat modeling, evaluation science, and policy implementation. You will work closely with research, engineering, safety training, preparedness, and product teams to build policies that are technically grounded, measurable, enforceable, and responsive to real-world cyber risk. Your Responsibilities: - Design and maintain model policies for cybersecurity and frontier-risk domains, especially dual-use and high-risk cyber capabilities. - Translate cybersecurity threat models into clear behavioral specifications, evaluation criteria, grading guidance, and system-level mitigations. - Define practical boundaries between legitimate security research, defensive workflows, and assistance that could materially enable harmful
Applying for this Model Policy, Frontier Cyber Risk role?
Most applicants get filtered before a human reads their resume. See if yours makes the cut.
How to Apply on Ashby
- Ashby is a fast modern ATS — most applications take under 3 minutes.
- The resume parser is strong; verify parsed experience dates and job titles.
- Custom screening questions are often scored algorithmically — answer completely.
- Location field affects geo-based screening; use your actual metro area.
ANONYMOUS · UNFILTERED
What do employees actually say about OpenAI?
Real rants from real employees. Read before you apply.