AI Governance Institute logo
AI Governance Institute

Practical Governance for Enterprise AI

← News

GPT-4.5 Arrives as 'Research Preview,' Triggering Procurement and Risk Controls Before Any Production Use

What happened

OpenAI published Model Release Notes identifying GPT-4.5 as a research preview of its largest and most capable chat model to date. The research preview designation indicates an intermediate stage of maturity in which the model is accessible for evaluation but has not completed the full suite of red-teaming, safety evaluations, and deployment hardening that OpenAI applies before a general availability release. The published notes do not include detailed disclosure of red-team findings, capability thresholds, known failure modes, or deployment restrictions specific to GPT-4.5, leaving gaps in the information enterprises need to complete a standard AI risk assessment. The release affects organizations using OpenAI's API or platform products, as well as those evaluating GPT-4.5 through the ChatGPT Enterprise interface. The absence of full safety documentation shifts a significant portion of residual risk characterization onto procuring organizations, particularly those in regulated industries such as financial services, healthcare, and legal services.

Why it matters

  • ·Enterprises operating under the EU AI Act or U.S. sector-specific AI guidance may face regulatory exposure if they deploy a preview model without documented, stable risk profiles, as these frameworks increasingly require pre-deployment assessments based on vendor-disclosed safety information.
  • ·The release creates an operational control gap for organizations that lack internal policies distinguishing how preview or beta AI models are governed versus general availability releases, potentially allowing unapproved production use before adequate evaluation is complete.
  • ·Regulated-industry organizations bear heightened organizational risk because the absence of published red-team findings and failure mode disclosures means AI risk assessments cannot be completed using vendor documentation alone, increasing liability exposure if the model produces harmful or erroneous outputs.

Governance controls affected

What to do now

  • Route any internal request to deploy GPT-4.5 in a production workflow through the existing AI procurement review process with an explicit preview-status flag, requiring sign-off from risk or legal functions before approval.
  • Formally request from OpenAI any available safety evaluation summaries, red-team findings, or capability documentation specific to GPT-4.5 and document both the request and the response for audit purposes.
  • Review internal model lifecycle policies to confirm they explicitly address the preview-to-production transition, including the criteria that must be satisfied and the authority required to approve elevation to production status.
  • Verify that use of a preview model does not conflict with obligations under the EU AI Act's high-risk AI system requirements or sector-specific guidance from bodies such as the U.S. Treasury or financial regulators.
  • Update vendor risk management records for OpenAI to reflect GPT-4.5's preview status and flag the entry for reassessment when the model reaches general availability.

What to watch next

Compliance teams should monitor OpenAI's Model Release Notes page for an update to GPT-4.5's status from research preview to general availability, which would signal that full safety evaluations and deployment hardening have been completed and may trigger a fresh procurement review. Teams should also track any enforcement signals from EU AI Act supervisory authorities or U.S. sector regulators regarding acceptable practices for procuring and deploying preview AI models, particularly in high-risk application contexts. Pending guidance from NIST on operationalizing the AI Risk Management Framework for third-party model procurement may also clarify documentation expectations relevant to this scenario.

Related Coverage

Insight2026-06-13

Fable 5 and Mythos 5 Suspended by U.S. Export Control Directive: Three Governance Gaps Enterprise AI Programs Have Not Planned For

On June 12, 2026, a U.S. government export control directive required Anthropic to suspend all access to Fable 5 and Mythos 5 for foreign nationals, effectively disabling the models for all customers overnight. The immediate trigger was a narrow code-analysis jailbreak technique, but the directive exposes deeper gaps: most enterprise AI governance programs have no continuity plan for government-mandated model suspension, no process for nationality-based access controls, and no export control review in their AI vendor assessment workflow.

Insight2026-06-26

OpenAI's GPT-5.6 Deferral Establishes Government Pre-Review as a Real Variable in Frontier AI Releases

OpenAI delayed the full public rollout of GPT-5.6 at the request of the U.S. government, limiting initial access to vetted partners under a June 2026 executive order that grants the government up to 30 days of advance access to covered frontier models. OpenAI complied while stating publicly it does not want this to become a permanent standard. For compliance teams, the headline is not the delay but what it signals: government pre-deployment review is now an operational fact in AI vendor release cycles.

Insight2026-06-27

Mythos 5 Partial Reinstatement Creates Government-Controlled AI Access Tiers With No Transparent Process

The US government on June 27 granted roughly 100 approved companies access to Claude Mythos 5, partially reversing a June 12 export control suspension, while Fable 5 and organizations outside the approved list remain locked out with no published selection criteria or recourse. The action is the first commercial enforcement under a new executive order framework requiring government pre-release review of frontier models, making tiered access structural rather than ad hoc.