OpenAI is looking for a Head of Preparedness to address quickly rising risks that frontier AI systems could be used to carry out finely nuanced cyberattacks and other high-impact forms of misuse. The job will guide strategy on risky capabilities, with CEO Sam Altman warning that state-of-the-art models are already good enough at computer security to expose dangerous vulnerabilities. It’s a technical post and a governance post, and it is also a sign that AI labs now consider catastrophic-risk planning to be an issue at the board level.
Why OpenAI Is in Search of a Preparedness Chief
Altman is on record describing the urgency in simple terms — that models can speed up identification of these vulnerabilities and lower the bar for less sophisticated attackers. That risk is not hypothetical. Anthropic recently detailed how a state-linked actor in China had twisted its coding assistant to attempt intrusions on roughly 30 organizations — from tech and finance to chemicals and government agencies — with little human direction. The episode and the parties involved made clear what many security leaders have long suspected — that AI is supercharging both sides of the cybersecurity arms race.
Regulators and national security agencies are recalibrating as well. Advice from the US Cybersecurity and Infrastructure Security Agency and the UK National Cyber Security Centre has stressed that large language models can supercharge social engineering, accelerate reconnaissance, and power automation of exploitation chains. Simultaneously, enterprises’ defenders are increasingly using machine learning for patch prioritization, anomaly detection, and incident response. The Preparedness director would be responsible for enabling those defensive improvements and restricting offensive misuse.
Inside the New Role and Its Responsibilities
They will be responsible for a preparedness framework managed over time as models are enhanced with new capacities or when standards in the community shift, the company says in an emailed hiring alert. That may include red-teaming around cyber and biohazard scenarios, capability assessments purpose-built to the workflows of plausible attackers, and policy guardrails — like rate limiting, fine-tuning restrictions, and graduated access to sensitive tools.
The mandate explicitly includes cyber and biosecurity. On the cyber side, look for an emphasis on benchmarking models against tasks such as vulnerability research, exploit development, and scalable phishing. There have been previous conversations at OpenAI on security-related evaluations: what is it that we calculate when determining whether models cross some line that significantly supports an offensive effort? On biosecurity, the remit would include whether models offer a step-by-step “blueprint” to do things that could substantially expand the practicality of developing or disseminating biological threats — an area that leading university and organization researchers have identified as a frontier risk.
The job will be high-pressure — “a stressful job,” the company says, though rumor has it that compensation is north of $500,000 with equity.
That price tag is a reflection of the cross-disciplinary complexity: the leader needs to straddle model research, product safety engineering, incident response, and policy all at once, while shipping protections rapidly when evaluations emerge suggesting concerning capabilities.
The Cyber Risk Backdrop for Frontier AI Models
Recent case studies illustrate how generative AI is altering attacker economics. Automated code generation and agentic tool use allow for time compression from proof-of-concept exploit to weaponization, scaling custom-made phishing at volumes that would have required large teams. Criminal markets have been observed by security researchers for LLM-fueled tools used to generate spear-phishing emails, design malware variants, and scrape credentials.
At the same time, there is an increasingly defined playbook for defenders. Organizations are experimenting with LLMs to triage alerts, translate threat intelligence, and produce unique remediation steps that fit their environment. Government-backed efforts such as the UK AI Safety Institute are designing evaluations for assessing whether models significantly increase novice attackers’ capabilities. The Preparedness function must incorporate these results into risk thresholds; determine when to disable or degrade features if an incident informed by artificial intelligence occurs; and partner with other entities in industry for their response actions.
Biosecurity and the Other Frontier Risks
Beyond cyber, OpenAI’s mandate extends to biosecurity, where the key question is not abstract knowledge per se but whether a model offers actionable stepwise guidance that materially enhances the chances of harm.
Studies from policy institutes and academic labs offer varying results today, but also illustrate how enhanced capabilities could alter the calculus. A rigorous preparatory program would pressure-test models against expert red teams, block access to sensitive domains, and incorporate feedback from public health and biosafety experts.
What This Means for AI Governance and Safety Policy
The hire highlights a broader trend in the industry away from general “responsible AI” to specific preparation for high-impact misuse. It is consistent with nascent requirements from the US Executive Order on AI, the EU AI Act, and sector regulators that mandate assessment, incident reporting, and post-deployment monitoring for powerful models. Analogous units are being established at labs and cloud providers, such as dedicated AI red teams and independent safety advisory councils.
The strategic tension is clear. Sophisticated models have the potential to significantly bolster cyber defense, but could also help skilled attackers become quicker and novices more dangerous. The head of preparedness will sit on that fault line, deciding when capability tips from being prudent (in its words) to unacceptable risk, and how to police the limits without snuffing out the useful. As frontier AI advances, that judgment may turn into one of the most momentous in the security arena.