OpenAI

Additional safety checks for biological and cybersecurity requests in ChatGPT, Codex, and the API

Learn why a request may take longer or why content may not be shown, and what you can do next.

Updated: 9 hours ago

ChatGPT, Codex, and the OpenAI API use additional automated safeguards for some requests involving cybersecurity or biological research and applications. A check can make a response take longer than usual. If the response can be provided safely, it continues after the check; otherwise the product may not return the content. Seeing an additional-check notice does not by itself mean OpenAI has determined that you violated our Usage Policies.

What happens during an additional safety check?

An additional automated check may run before a response is returned. The check can make a response take longer than usual. If the response can be provided safely, it continues after the check; otherwise the product may not return the content.

You do not need to take any action while an additional check is running.

What can I do if content can’t be shown?

If content can’t be shown, review the request against OpenAI’s Usage Policies. If the request is allowed, try again with a narrower scope and only the context needed to explain the outcome you want:

  • For cybersecurity work, focus on a defensive outcome, such as identifying, preventing, or remediating a security issue. Omit exploit details that are not necessary to that outcome.

  • For biological work, focus on safety, prevention, analysis, or risk mitigation. Omit procedural details that are not necessary to that purpose.

Changing the wording does not change whether a request is allowed and does not guarantee that a response can be provided.

What if I think the check or block is a mistake?

When available, use the thumbs-down control to share feedback about an individual response. This feedback helps improve our systems.

If a clearly benign or authorized request is repeatedly blocked,contact OpenAI Support and include:

  • The exact safety message you received.

  • The model and whether you were using the OpenAI API, Codex, or ChatGPT.

  • The date, time, and time zone.

  • The request ID, if available.

  • A brief, redacted description of the task.

  • Your workspace or organization name or ID, if applicable.

Do not include passwords, authentication codes, proprietary data, or other sensitive information.

Was this article helpful?