GPT-4.5 Arrives as 'Research Preview,' Triggering Procurement and Risk Controls Before Any Production Use
What happened
OpenAI published Model Release Notes identifying GPT-4.5 as a research preview of its largest and most capable chat model to date. The research preview designation indicates an intermediate stage of maturity in which the model is accessible for evaluation but has not completed the full suite of red-teaming, safety evaluations, and deployment hardening that OpenAI applies before a general availability release. The published notes do not include detailed disclosure of red-team findings, capability thresholds, known failure modes, or deployment restrictions specific to GPT-4.5, leaving gaps in the information enterprises need to complete a standard AI risk assessment. The release affects organizations using OpenAI's API or platform products, as well as those evaluating GPT-4.5 through the ChatGPT Enterprise interface. The absence of full safety documentation shifts a significant portion of residual risk characterization onto procuring organizations, particularly those in regulated industries such as financial services, healthcare, and legal services.
Why it matters
- ·Enterprises operating under the EU AI Act or U.S. sector-specific AI guidance may face regulatory exposure if they deploy a preview model without documented, stable risk profiles, as these frameworks increasingly require pre-deployment assessments based on vendor-disclosed safety information.
- ·The release creates an operational control gap for organizations that lack internal policies distinguishing how preview or beta AI models are governed versus general availability releases, potentially allowing unapproved production use before adequate evaluation is complete.
- ·Regulated-industry organizations bear heightened organizational risk because the absence of published red-team findings and failure mode disclosures means AI risk assessments cannot be completed using vendor documentation alone, increasing liability exposure if the model produces harmful or erroneous outputs.
Governance controls affected
What to do now
- ☐Route any internal request to deploy GPT-4.5 in a production workflow through the existing AI procurement review process with an explicit preview-status flag, requiring sign-off from risk or legal functions before approval.
- ☐Formally request from OpenAI any available safety evaluation summaries, red-team findings, or capability documentation specific to GPT-4.5 and document both the request and the response for audit purposes.
- ☐Review internal model lifecycle policies to confirm they explicitly address the preview-to-production transition, including the criteria that must be satisfied and the authority required to approve elevation to production status.
- ☐Verify that use of a preview model does not conflict with obligations under the EU AI Act's high-risk AI system requirements or sector-specific guidance from bodies such as the U.S. Treasury or financial regulators.
- ☐Update vendor risk management records for OpenAI to reflect GPT-4.5's preview status and flag the entry for reassessment when the model reaches general availability.
What to watch next
Compliance teams should monitor OpenAI's Model Release Notes page for an update to GPT-4.5's status from research preview to general availability, which would signal that full safety evaluations and deployment hardening have been completed and may trigger a fresh procurement review. Teams should also track any enforcement signals from EU AI Act supervisory authorities or U.S. sector regulators regarding acceptable practices for procuring and deploying preview AI models, particularly in high-risk application contexts. Pending guidance from NIST on operationalizing the AI Risk Management Framework for third-party model procurement may also clarify documentation expectations relevant to this scenario.