OpenAI reveals new AI abuse schemes: threats are becoming more complex

When OpenAI began publishing regular reports on threats in 2024, a typical abuse case looked relatively straightforward: someone was trying to make ChatGPT write a phishing email or generate disinformation text. Two years later, the landscape has changed beyond recognition. In the February 2026 report, the company registers a qualitative shift — malicious actors have moved from primitive one-off attacks to complex multi-level operations where language models are just one link in the chain.

The main thesis of the new report can be formulated as follows: isolated use of AI for malicious purposes is giving way to combined schemes. Malicious actors have learned to combine the capabilities of generative models with infrastructure of fake websites and bot networks on social platforms. The model generates convincing content, the disposable website lends it an appearance of legitimacy, and bots on social networks ensure its distribution and social proof. Each element separately may look harmless, but together they form an effective machine of manipulation.

For OpenAI, this creates a fundamentally new detection problem. If previously the company could track suspicious usage patterns in its APIs — mass generation of uniform texts, attempts to bypass filters, requests to create malicious code — then now each individual request to the model can look perfectly innocent. A malicious actor asks for an article about health, edits a press release, writes a comment on a news story. The malicious nature is revealed only at the level of the entire operation as a whole, when these fragments are assembled into a single campaign promoting fake pharmaceuticals or political disinformation.

OpenAI describes several specific cases, though without the level of detail that could serve as an instruction manual. Among them are influence operations targeting audiences in different countries, fraud schemes using generated "expert" profiles, and attempts to automate social engineering. The company emphasizes that in all cases AI was neither the only nor even the main tool — it was embedded in already existing criminal methodologies, making them more scalable and convincing.

This conclusion has serious consequences for the entire industry. It means that responsibility for countering abuse cannot lie exclusively with model developers. OpenAI can improve its filters and monitoring systems as much as it wants, but if a fake website is hosted on a third-party server and bots operate on a social network, then effective protection requires coordination between all participants in the chain. The company directly speaks of the need for cross-platform collaboration — and this is not just diplomatic phrasing, but recognition of the real limitations of its own capabilities.

For regulators, the report also contains an important signal. Legislative initiatives for AI control that are actively discussed in the European Union, the United States, and other jurisdictions are often focused precisely on models — their training, capabilities, limitations. But if the main threat comes not from the model as such, but from its combination with other tools, then regulation only at the level of the model developer proves insufficient. A systemic approach is needed, covering the entire ecosystem — from hosting providers to advertising networks.

It is worth noting the context in which this report appears. OpenAI is experiencing a period of rapid growth and at the same time increasing pressure from society and competitors. The publication of detailed reports on threats is both a manifestation of responsibility and a strategic move. The company demonstrates that it is not turning a blind eye to problems, and at the same time shapes a narrative in which it is the expert in AI security. In a context where competitors — from Anthropic to Chinese labs — are increasing the power of their models, the position of a leader in security becomes no less valuable than technical superiority.

The February OpenAI report captures an unpleasant but predictable reality: malicious actors are adapting faster than one would like. They do not wait for the industry to build perfect protection — they experiment, combine tools, and find weak spots at the seams between platforms. The only answer to this can be equal adaptability on the part of the defenders. And perhaps the main question that this report raises is not technical but organizational: are competing companies, platforms, and states capable of acting cohesively enough to counter threats that by their nature know no boundaries between services and jurisdictions.