GPT-4.5 Arrives as 'Research Preview,' Triggering Procurement and Risk Controls Before Any Production Use

OpenAI published Model Release Notes identifying GPT-4.5 as a research preview of its largest and most capable chat model. Unlike a general availability release, the research preview designation signals an intermediate stage of maturity in which the model is made accessible for evaluation purposes but has not passed through the full suite of red-teaming, safety evaluations, and deployment hardening that OpenAI applies before a production release. The notes do not provide detailed disclosure of red-team findings, capability thresholds, known failure modes, or deployment restrictions specific to GPT-4.5, which means enterprises relying on OpenAI's published documentation alone will find gaps in the information needed to complete a standard AI risk assessment. This applies directly to organizations already using OpenAI's API or platform products, as well as those evaluating GPT-4.5 through the ChatGPT Enterprise interface.

The research preview label exposes a control gap that many enterprise AI governance programs have not yet fully addressed: the absence of clear internal policies distinguishing how preview or beta AI models are handled versus general availability releases. Most mature AI governance frameworks, including ISO/IEC 42001 and the NIST AI Risk Management Framework, require organizations to assess AI systems before deployment based on documented capability claims, known limitations, and vendor-provided safety information. When a vendor releases a model in preview without full disclosure of safety evaluation results, the burden of characterizing residual risk shifts significantly toward the procuring organization. This is especially consequential for regulated industries, including financial services, healthcare, and legal services, where AI system decisions or outputs may carry liability, and where regulators increasingly expect documented pre-deployment assessments. The release also intersects with emerging procurement transparency obligations, including provisions in the EU AI Act and various U.S. state laws, that require organizations to understand and document the properties of AI systems they deploy.

Compliance and AI governance teams should take several concrete steps in response to this release. First, any internal request to deploy GPT-4.5 in a production workflow should be routed through the organization's existing AI procurement review process with an explicit flag for the preview status, requiring sign-off from risk or legal functions before approval. Second, teams responsible for vendor risk management should formally request from OpenAI any available safety evaluation summaries, red-team findings, or capability documentation specific to GPT-4.5, and document the response for audit purposes regardless of whether the model is ultimately deployed. Third, organizations operating under the EU AI Act's requirements for high-risk AI systems, or under sector-specific AI guidance from bodies such as the U.S. Treasury or financial regulators, should verify that using a preview model does not conflict with obligations to deploy AI systems with documented, stable risk profiles. Finally, AI governance leads should use this release as a trigger to review whether their model lifecycle policies explicitly cover the preview-to-production transition, including criteria that must be met before a preview model can be elevated to approved production status, and who holds authority to make that determination.