ChatGPT, Codex, and the OpenAI API use additional automated safeguards for some requests involving cybersecurity or biological research and applications. A check can make a response take longer than usual. If the response can be provided safely, it continues after the check; otherwise the product may not return the content. Seeing an additional-check notice does not by itself mean OpenAI has determined that you violated our Usage Policies.
What happens during an additional safety check?
An additional automated check may run before a response is returned. The check can make a response take longer than usual. If the response can be provided safely, it continues after the check; otherwise the product may not return the content.
You do not need to take any action while an additional check is running.
What can I do if content can’t be shown?
If content can’t be shown, review the request against OpenAI’s Usage Policies. If the request is allowed, try again with a narrower scope and only the context needed to explain the outcome you want:
For cybersecurity work, focus on a defensive outcome, such as identifying, preventing, or remediating a security issue. Omit exploit details that are not necessary to that outcome.
For biological work, focus on safety, prevention, analysis, or risk mitigation. Omit procedural details that are not necessary to that purpose.
Changing the wording does not change whether a request is allowed and does not guarantee that a response can be provided.
What if I think the check or block is a mistake?
When available, use the thumbs-down control to share feedback about an individual response. This feedback helps improve our systems.
If a clearly benign or authorized request is repeatedly blocked,contact OpenAI Support and include:
The exact safety message you received.
The model and whether you were using the OpenAI API, Codex, or ChatGPT.
The date, time, and time zone.
The request ID, if available.
A brief, redacted description of the task.
Your workspace or organization name or ID, if applicable.
Do not include passwords, authentication codes, proprietary data, or other sensitive information.
