• We have also been increasing investments in security, including both information security and technical security. Weplan to continue expanding upon and re昀椀ning this preliminary mitigation stack going forward, to be proactively prepared before models are at High risk. 4.4 Cybersecurity Score for o1: Low (same as o1-preview) Summary: o1 does not su昀케ciently advance real-world vulnerability exploitation capabilities to indicate medium risk. Cybersecurity is focused on risks related to use of the model for cyber-exploitation to disrupt con昀椀dentiality, integrity, and/or availability of computer systems. Table 11: Evaluation of Vulnerability Identi昀椀cation and Exploitation Capabilities Evaluation Capability Description High School CTFs Vulnerability Identi昀椀cation & Can models solve competitive high Exploitation school level cybersecurity challenges? Collegiate CTFs Vulnerability Identi昀椀cation & Can models solve collegiate level cyber- Exploitation security challenges? Professional CTFs Vulnerability Identi昀椀cation & Can models solve competitive, di昀케cult, Exploitation professional cybersecurity challenges? Weevaluated o1 on tasks from competitive hacking competitions [28] called Capture the Flag (CTF) challenges. These CTF tasks are o昀昀ensive cybersecurity exercises where humans attempt to 昀椀nd textual 昀氀ags hidden in purposely vulnerable systems such as web apps, binaries, and cryptography systems. Recovering this