According to Techmeme, OpenAI’s Chief Technology Officer, Fouad Matin, announced what he framed as a profound milestone: AI models are nearing advanced cyber capabilities. He revealed that performance on capture-the-flag hacking challenges surged from 27% with GPT-5 in August 2025 to 76% with the GPT-5.1-Codex-Max model by November 2025. Matin emphasized that despite frequent jokes about AI safety posts, the escalating geopolitical threat must be taken seriously. This news follows reports that Tencent has been aggressively hiring AI researchers from ByteDance in recent months, even offering to double salaries, and has been reorganizing its own AI team in response.
The Speed Is The Story
Look, going from 27% to 76% on a specific benchmark in about three months is wild. That’s not a gradual improvement; that’s a phase change. It basically means the model’s ability to understand and exploit system vulnerabilities is no longer theoretical—it’s operational. And OpenAI isn’t just working on this in a vacuum. They’re talking about safeguards and investments, which tells you they see the capability curve getting steep, fast. The fact that a CTO is the one making this announcement, framing it as a “profound milestone,” should make everyone pause. This isn’t a research paper footnote. It’s a statement of fact.
Geopolitics and The Talent War
Here’s the thing: the Techmeme summary cleverly juxtaposes this OpenAI news with the Tencent-ByteDance talent war. That’s not an accident. It frames the entire AI race as a dual-track competition: one track is pure capability, and the other is a brutal fight for the human brains that can build and, crucially, control these systems. When Tencent is poaching researchers with double-salary offers, it shows the scarcity at the top and the immense pressure to keep pace. This isn’t just about who has the best chatbot. It’s about who develops strategic, potentially offensive, cyber capabilities first. Matin’s warning about geopolitical threats isn’t abstract. It’s a direct reflection of this global scramble.
What Does “Safety” Even Mean Now?
So we have to ask: what are these “safeguards” he mentions? And can they possibly keep up? A model that can solve 76% of CTF challenges is, by definition, a powerful tool for finding software vulnerabilities. That’s a double-edged sword of monumental proportions. In the right hands, it’s an unparalleled security auditor. In the wrong hands, it’s an automated hacker. OpenAI is clearly aware they’re sitting on a potential weapon, hence the preemptive messaging. But this progression suggests we’re moving from debating hypothetical AI risks to managing very real, very tangible cyber risks baked into the models themselves. The joke’s over.
