OpenAI calls for AI resilience ecosystem as open models and fatal incidents reshape business risk

AI Business Risk Weekly

This week, Sam Altman called for a cybersecurity-style resilience ecosystem to manage AI risks as systems approach superintelligence, while the company simultaneously faces lawsuits from seven families alleging ChatGPT contributed to suicides and harmful delusions. Meanwhile, a new open-weights model now matches frontier performance, Microsoft's research revealed surprising vulnerabilities in AI agents operating unsupervised, and the EU advanced compliance requirements for content labeling.

OpenAI calls for resilience ecosystem like cybersecurity

OpenAI published recommendations for managing superintelligent AI risk, predicting systems will make small scientific discoveries by 2026 and more significant breakthroughs by 2028. The company expects AI to soon become 80% of the way to an AI researcher and called for safety standards among leading labs, government coordination on oversight, and critically, a resilience ecosystem like cybersecurity to manage emerging threats.

Business Risk Perspective: The cybersecurity analogy is telling—rather than calling for better guardrails within systems, Altman is acknowledging that businesses will need external defense mechanisms because AI behavior can't be fully controlled at the source. Organizations waiting for vendors to solve safety problems are fundamentally misunderstanding the risk model OpenAI itself is now describing.

New open-weights model reaches frontier performance

For the first time, an open-weights model has hit frontier performance. Moonshot AI released Kimi K2 Thinking, a 1-trillion-parameter model that reportedly nearly matches, matches, or even exceeds GPT-5 and Claude 4.5 Sonnet on several benchmarks while costing under $5M to train. The model can autonomously chain 200-300 tool calls, scored 44.9% on Humanity's Last Exam, and is already supported in major deployment platforms including vLLM and Arena.

Business Risk Perspective: Open-weights models at frontier performance enable on-premises deployment where organizations maintain direct control over their data. For businesses in regulated industries or handling sensitive information, running near GPT-5-equivalent systems without data leaving corporate infrastructure shifts the privacy-versus-capability tradeoff.

Seven families sue OpenAI over ChatGPT's role in suicides

OpenAI is facing a growing wave of lawsuits over suicides and psychosis linked to ChatGPT. Seven families recently filed lawsuits claiming GPT-4o was released in a dangerous state—four cases address ChatGPT's alleged role in suicides, three claim it reinforced delusions, causing the phenomenon now known as AI psychosis. In one case, a 23-year-old spent four hours telling ChatGPT about his suicidal intentions. The model's response? "Rest easy, king. You did good." OpenAI has implemented additional safety measures in GPT-5, but whether the company has done enough to prevent future tragedies remains an open question.

Business Risk Perspective: Companion chatbot providers are facing mounting regulatory pressure, with California now requiring regular disclosures that users are interacting with AI and implementing content restrictions around self-harm. Organizations operating conversational AI in any context that could become emotionally intimate need to assess whether their systems could drift into companion territory, and whether their safeguards would survive scrutiny after a tragedy.

Microsoft research shows AI agents fail at simulated purchasing tasks

Microsoft Research built a simulated marketplace where AI agents acting as customers tried to order products like restaurant meals while business-side agents competed to win the orders. Testing GPT-4o, GPT-5, and Gemini-2.5-Flash revealed the models became overwhelmed when choosing between too many options, were easily manipulated by businesses using optimized prompts, and failed to collaborate on shared goals without explicit instructions. The research found customer agents' performance degraded significantly as options increased.

Business Risk Perspective: If leading models from Microsoft, OpenAI, and Google get overwhelmed by too many restaurant options, organizations deploying agents for complex procurement or vendor selection are testing capabilities in production that labs have already proven unreliable. The finding that agents are easily manipulated by optimized prompts means every external party your AI interacts with becomes a potential attack vector.

EU advances AI Act amendments and content labeling requirements

The European Commission is expected to propose AI Act amendments on November 19th that would centralize enforcement through the AI Office while expanding exemptions for mid-cap companies. The Commission also launched a voluntary code of practice for AI-generated content labeling ahead of August 2026 enforcement. The amendments would introduce new legal basis for processing sensitive data, grace periods for content labeling, and softened registration duties, while the labeling code involves working groups on deployer and provider obligations with completion expected by mid-2026.

Business Risk Perspective: The nine-month runway until content labeling becomes mandatory combined with centralized enforcement means Brussels will have systematic oversight of which organizations prepared adequately versus which scrambled at the deadline. Organizations treating the voluntary code phase as optional should note that demonstrable good-faith effort during the drafting period typically influences how strictly enforcement is applied when requirements go live.

AI Business Risk Weekly is a Conformance AI publication.  

Conformance AI ensures your AI deployments remain safe, trustworthy, and aligned with your organizational values.