Model Policy, Frontier Cyber Risk

About the Role

The Model Policy team aligns model behavior with desired human values and norms by driving rapid policy taxonomy iteration based on data and defining evaluation criteria for foundational models' ability to reason about safety. This role sits at the intersection of cybersecurity, AI safety, threat modeling, evaluation science, and policy implementation, making it an exciting opportunity for those who are passionate about the intersection of technology and policy.

As a key member of the team, you will work closely with research, engineering, safety training, preparedness, and product teams to build policies that are technically grounded, measurable, enforceable, and responsive to real-world cyber risk. Your work will have a significant impact on the development of safe and responsible AI systems, and you will be part of a team that is committed to fostering a culture of trust and transparency.

What You Will Do

• Design and maintain model policies for cybersecurity and frontier-risk domains, especially dual-use and high-risk cyber capabilities.
• Translate cybersecurity threat models into clear behavioral specifications, evaluation criteria, grading guidance, and system-level mitigations.
• Define practical boundaries between legitimate security research, defensive workflows, and assistance that could materially enable harmful activity.
• Build policy artifacts that support implementation across training, evaluation, deployment, monitoring, and escalation systems.
• Partner with safety researchers, engineers, and evaluation teams to operationalize policies into scalable model behavior and measurable safeguards.
• Analyze red-teaming results, deployment data, model failures, over-refusals, and ambiguous edge cases to improve policy and evaluation quality over time.
• Identify emerging cyber capability areas where advanced AI systems could lower barriers to misuse or increase operational capability for malicious actors.
• Contribute to system cards, safety reports, policy documentation, and external communications on Openai's approach to cyber risk mitigation.
• Collaborate with cross-functional teams to ensure that policies are aligned with business goals and regulatory requirements.
• Stay up-to-date with the latest developments in cybersecurity, AI safety, and policy implementation, and apply this knowledge to improve the model policy framework.

What We Are Looking For

• Strong technical expertise in cybersecurity, such as offensive security, defensive security, vulnerability research, malware analysis, incident response, threat intelligence, application security, exploit development, infrastructure security, or cloud security.
• Strong judgment about how AI systems may affect the cyber threat landscape, including dual-use, autonomous, or agentic system risks.
• Ability to distinguish between legitimate security use cases and assistance that could materially enable harmful cyber activity.
• Experience building or applying threat models to complex technical systems, especially in adversarial or high-risk environments.
• Ability to translate technical security expertise into structured policy frameworks, evaluation criteria, operational guidance, and enforcement mechanisms.
• Comfort using empirical evidence, including evaluations, red-teaming results, deployment observations, and model failure modes, to inform policy decisions.
• Strong systems thinking across policy, evaluations, classifiers, training, deployment safeguards, measurement, and monitoring.
• Ability to work cross-functionally with researchers, engineers, product teams, policy experts, and operational stakeholders.
• Strong communication and collaboration skills, with the ability to explain complex technical concepts to non-technical stakeholders.

Nice to Have

• Experience with AI safety, machine learning, or deep learning.
• Knowledge of cybersecurity frameworks, such as NIST or ISO 27001.
• Familiarity with cloud security, containerization, or serverless architectures.
• Certification in cybersecurity, such as CISSP or CEH.
• Experience with policy development, implementation, or enforcement.

Benefits and Perks

• Competitive salary and benefits package.
• Opportunity to work on cutting-edge AI safety projects.
• Collaborative and dynamic work environment.
• Flexible working hours and remote work options.
• Professional development opportunities, including training and conference sponsorship.
• Access to state-of-the-art technology and tools.
• Recognition and reward for outstanding performance.
• Comprehensive health insurance and wellness programs.
• Generous paid time off and holiday policy.

• To stand out as a candidate, highlight your experience in cybersecurity and AI safety, and provide examples of how you've developed and implemented policy frameworks in the past.
• Be prepared to explain complex technical concepts to non-technical stakeholders, and demonstrate your ability to communicate effectively with cross-functional teams.
• Show that you're up-to-date with the latest developments in cybersecurity and AI safety, and explain how you stay current with industry trends and research.
• Emphasize your ability to work independently and as part of a team, and highlight your experience with collaboration tools and project management software.
• When preparing for the interview, review Openai's approach to AI safety and cybersecurity, and be prepared to ask informed questions about the role and the company's mission.
• Don't be afraid to ask about the company culture and values, and how they impact the way the team works and collaborates.
• Be prepared to provide examples of your experience with threat modeling, policy development, and enforcement, and demonstrate your ability to apply technical expertise to real-world problems.