Introducing gpt-oss-safeguard: An open security reasoning model for developers

OpenAI has released gpt-oss-safeguard, a new innovation in its family of open-weight reasoning models specifically designed for safety classification tasks. It represents a significant leap forward in enabling developers to flexibly build, test, and deploy safety-specific systems. The model is available in two sizes, 120B and 20B, and is a modified version of the original gpt-oss, released under the Apache 2.0 license, making it freely available and customizable.

Both models are available for download today from Hugging Face, giving researchers and developers access to advanced security reasoning tools tailored to their organization's policies and standards. 

A new perspective on safety reasoning 

Unlike traditional classifiers that are trained on fixed data, gpt-oss-safeguard uses real-time reasoning based on developer-defined policies. This means that the model can dynamically classify messages, replies, or conversations based on developer-specific policies, providing a high degree of flexibility and transparency.

In the inference step, the model receives two pieces of information: 

1. Security Policy (as defined by the developer) 
2. Content to be evaluated 

The model then produces outputs with a “reasoning chain” that can be audited and refined, helping developers better understand and trust the model's decision-making process. 

This approach allows organizations to instantly adjust or extend the scope of their security policies without having to retrain entire classification models, increasing flexibility in responding to rapidly changing situations. 

How gpt-oss-safeguard supports specialized security policies 

With gpt-oss-safeguard, developers can design security solutions that fit their platform, such as:

• Game forums can be classified as discriminatory for discussions of cheating or inappropriate behavior. 
• E-commerce platforms can detect fake reviews or misleading content. 
• Social media can use community-specific moderation rules that change over time. 

This reasoning mechanism is particularly useful in cases where: 

• Dangerous behaviors are changing rapidly. 
• The topic is too complex for a small model to understand. 
• There is insufficient labeled data for training. 
• We want decisions that are transparent and explainable rather than processing speed. 

OpenAI's internal security rationale 

OpenAI's internal system uses a similar method called Safety Reasoner, which works behind models like GPT-5, ChatGPT Agent, and Sora 2. This method is called deliberative alignment — a process where the AI ​​model reasons directly about safety policies instead of relying solely on learned examples.

Safety Reasoner applies security rules in real time, using up to 16% of the system's total compute resources, enabling rapid adjustments to security boundaries as risks evolve, strengthening the platform's deep defenses. 

For image and video models like Sora 2, the Safety Reasoner performs real-time safety checks at each step to identify and block unsafe outputs before they reach the user. 

Performance and Evaluation 

OpenAI evaluated gpt-oss-safeguard on both internal and public datasets, such as the 2022 ToxicChat and Moderation datasets.

The test results show that: 

• gpt-oss-safeguard has better accuracy in multi-policy reasoning than gpt-5-thinking and its predecessor gpt-oss.
• When tested on screening and toxicity data, the model demonstrated better interpretability and adaptability than traditional classifiers in complex situations. 
• Although the 20B version is smaller, it remains highly efficient for real-world content moderation use cases. 

Limitations and exchanges 

Although gpt-oss-safeguard is flexible and transparent, it has two limitations:

• Performance ceiling: Specialized classifiers trained on large, high-quality data may still be more accurate in some very complex domains.
• Compute cost: Reasoning classification is resource-intensive, making it unsuitable for systems that require high speed and high throughput.

OpenAI addresses this limitation by combining a fast, lightweight classifier with a Safety Reasoner to perform deeper analysis when needed. 

Collaboration with the safety community 

The release of gpt-oss-safeguard is part of OpenAI's commitment to open collaboration, and the model was developed and tested in collaboration with ROOST, SafetyKit, Tomoro, and Discord to meet the needs of developers in real-world scenarios.

Vinay Rao, CTO of ROOST, says this is the first open source reasoning model with a “bring your own policy” approach that allows organizations to define their own risks while maintaining transparency in the screening process. 

ROOST also launched the ROOST Model Community (RMC) — a hub for researchers and developers to share knowledge, test security, and improve open source filtering together.

Getting Started with gpt-oss-safeguard 

Developers can get started with gpt-oss-safeguard today by downloading the model from Hugging Face. With its reasoning-first architecture, users can:

• Try creating a dynamic security policy 
• Analyze the rationale of the model to improve policy. 
• Integrate open reasoning mechanisms with content moderation systems 

This marks a significant step towards making AI security “open and customizable,” allowing developers to truly define and control the security standards of their own systems. 

Summary 

The launch of gpt-oss-safeguard marks a significant step forward in elevating the safety of open AI. By combining the power of reasoning and a flexible policy framework, OpenAI empowers developers to design platform-specific safeguards, whether for content moderation, trust & safety, or community enforcement. This model enables organizations to protect users with transparency, accountability, and adaptability in an ever-changing digital world.