Model Rating Report
GPT-5
GPT‑5 is a unified system with a smart, efficient model that answers most questions, a deeper reasoning model (GPT‑5 thinking) for harder problems, and a real‑time router that quickly decides which to use based on conversation type, complexity, tool needs, and the user's explicit intent.
Developer
OpenAI
Country of Origin
USA
Systemic Risk
Open Data
Open Weight
API Access Only
Ratings
Overall Transparency
52%
Data Transparency
27%
Model Transparency
24%
Evaluation Transparency
74%
EU AI Act Readiness
50%
CAIT-D Readiness
33%
Transparency Assessment
The transparency assessment evaluates how clear and detailed the model creators are about their practices. Our assessment is based on the official documentation lists in Sources above. While external analysis may contain additional details about this system, our goal is to evaluate transparency of the providers themselves.
Sources
Press Release: https://openai.com/index/introducing-gpt-5/
System Card: https://openai.com/index/gpt-5-system-card/
API Specification: https://platform.openai.com/docs/models/gpt-5
Basic Details
Date of Release
August 7th, 2025
Methods of Distribution
GPT-5 is available through OpenAI's API or through a web interface as part of ChatGPT.
Modality
GPT-5 can take text and images as input and generate text.
Input and Output Format
The input context window for GPT-5 is 400K tokens with an output limit of 128k tokens.
License
Proprietary
Instructions for Use
OpenAI provides detailed instructions, including various cookbooks, here: https://platform.openai.com/docs/overview.
Documentation Support
Low Transparency
The documentation is easy to access and navigate. It covers the capabilities, evaluations, and mitigations in a lot of detail. Some information is available about training data. However, there is no information available on the architecture and hardware used to train the model.
Changelog
A general changelog is available [here](https://platform.openai.com/docs/changelog).
Policy
Acceptable Use Policy
The OpenAI Usage policies can be found [here](https://openai.com/policies/usage-policies/).
User Data
User data, outside of enterprise accounts, is used to train and improve models. However, users can opt-out of training at any time (see [here](https://help.openai.com/en/articles/7730893-data-controls-faq) for more details).
Data Takedown
Individual users can opt-out of having their data being used for training, and OpenAI has a copyright dispute form: https://openai.com/form/copyright-disputes/
AI Ethics Statement
OpenAI describe their principles in their [OpenAI Charter](https://openai.com/charter/).
Incident Reporting
https://openai.com/policies/coordinated-vulnerability-disclosure-policy/
Model and Training
Task Description
Medium Transparency
Capabilities: GPT-5 is our flagship model for coding, reasoning, and agentic tasks across domains. A [detailed guide](https://platform.openai.com/docs/guides/latest-model) provides multiple examples and specifications for use.
Limitations: GPT-5 can hallucinate (especially on short-form questions) and comply with some requests to generate harmful content.
Number of Parameters
None
Model Design
Unknown
The documentation states that three sizes of the model were trained (-nano, -main and -thinking) and that an additional router model is used to decide which model to activate for a user's input. However, no details about the architecture itself are provided.
Training Methodology
Medium Transparency
Training involved a standard pre-training phase, and a post-training phase that focused on a new "[safe completions](https://openai.com/index/gpt-5-safe-completions/)" methodology that framed safety training in terms of producing safe outputs rather than rejecting unsafe inputs. This method was implemented using explicit examples during the SFT stage and specialized objectives during the RL stage.
Note: Other aspects of the training process are not documented in detail.
Computational Resources
None
Energy Consumption
None
System Architecture
None
Training Hardware
None
Data
Dataset Size
None
Dataset Description
Unknown
The properties pre-training and post-training are not documented.
Data Sources
Low Transparency
The dataset included publicly available on the internet, information from third party partners, and information that users or human trainers and researchers provided or generated.
Data Collection - Human Labor
Unknown
None
Data Preprocessing
Low Transparency
The dataset was preprocessed to maintain data quality and mitigate potential risks. This included advanced data filtering to remove personal information, and the use of OpenAI's Moderation API and safety classifiers to remove harmful or sensitive content, including explicit materials such as sexual content involving a minor.
Data Bias Detection
Unknown
None
Data Deduplication
None
Data Toxic and Hateful Language Handling
Data was filtered using OpenAI's Moderation API and additional safety filters.
IP Handling in Data
None
Data PII Handling
Personal information is reduced from the training data using advanced data filtering processes.
Data Collection Period
The knowledge cut-off is Sep 29, 2024.
Evaluation
Performance Evaluation
Low Transparency
GPT-5 was evaluated on benchmarks related to math, coding, agentic tool use and healthcare. The healthcare evaluation was conducted using a novel [HealthBench](https://openai.com/index/healthbench/) that evaluates how the model responds to realistic healthcare questions.
Evaluation of Limitations
High Transparency
GPT-5 is evaluated for multiple types of limitations.
Hallucinations: Factuality was evaluated using both historic ChatGPT Production data and open-source benchmarks (LongFact, FActScore and SimpleQA) using both Browser Enabled and Disabled settings. gpt-5-thinking hallucinated <5% in most settings, while gpt-5-main hallucinated <10% of the time. However, on SimpleQA both models hallucinated over 40% of the time - showing that the models still struggle with simple facts.
Sycophancy: This behavior was measured by manually evaluating responses to a dataset of real conversations. Scores for both models were over twice as low as for GPT-4o.
Disallowed Content Generation: These benchmarks measured whether the model compiled with requests for disallowed content. The results were mixed: the model complied with around of requests related to the topics: 'harassment/threatening', 'hate/threatening' and 'illicit/non-violent'.
Jailbreak/Prompt Manipulation: While on the StrongReject benchmark the model rejected nearly all attempts, on the more [advanced benchmark](https://arxiv.org/abs/2507.20526) from Gray Swan, the Attack Success Rate was 56%.
Bias/Fairness: This was evaluated using the BBQ benchmark - the model scored similarly to previous models (o3 and 4o) - getting around 90% accuracy. A demographic breakdown of the results was not included.
Additional evaluations related to Image inputs, Deception and Healthcare Safety are discussed in the System Card.
Evaluation with Public Tools
None
Adversarial Testing Procedure
High Transparency
GPT-5 was adversarially tested using both benchmarks, and internal and external red-teaming. External testers included Microsoft, AI Security groups (Gray Swan), research groups (METR and Apollo) and governments (UK AI Security Insititute and U.S. Center on Artificial Intelligence Standards and Innovation).
The results showed that while the model was safer than previous iterations on multiple dimensions, it earned a High Capability in the Biological and Chemical threat domains.
Noteworthy Results:
- Benchmark evaluations measured refusal rates on disallowed content (e.g. hateful content or illicit advice) on single and multi-turn conversations. The model performs nearly perfect on simple scenarios, but has scores between 70-80% on some harder scenarios related to hate, violence and self-harm. OpenAI acknowledged that these areas need further attention.
- The model could be jailbroken under a number of scenarios, but many of these attempts would likely be flagged by the deployed system. However, gpt-5-thinking still had an Attack Success Rate of 56% on one extenral benchmark.
- Developers tested for Instruction Hierarchy concerns: how the model manages system prompts vs developer prompts. The "main" variation showed weaknesses on several scenarios, while the "thinking" variation performed strongly on the whole test; suggesting that developer instructions could override OpenAI's system prompt in some scenarios.
- An expert AI Red Team from Microsoft conducted a number of evaluations on Frontier harms, Content safety and Psychological teams and found gpt-5-thinking to be qualitatively safer than gpt-o3.
Additional results in the system card include studies on the usefulness of the model for violent attack planning and complex cybersecurity attacks.
Model Mitigations
High Transparency
OpenAI has developed a multi-tiered system of mitigations:
GPT-5 was post-trained using a novel "safe completions" technique, which teaches the model to give the most helpful answer where possible, while still maintaining safety boundaries. This approach contrasts previous "refusal-based" training that focused on rejecting unsafe user inputs. The framework involved both directly showing the model "safe responses to ambiguous prompts" during SFT and rewarding "helpful but safe" outputs during the RL stage. Details including results are available in [this paper](https://cdn.openai.com/pdf/be60c07b-6bc2-4f54-bcee-4141e1d6c69a/gpt-5-safe_completions.pdf).
In addition, filtering was used to remove low-quality content from the pre-training data.
Finally, a real-time Moderation API is used to review all inputs and outputs. This includes filters for general unsafe and inappropriate content, and a dedicated system for detecting threats related to biological and chemical weapons.
While these protections may not be sufficient, jailbreaking the model and producing harmful outputs may be challenging, and OpenAI actively monitors for suspicious activity and can ban accounts.
Invite New User
Loading change history...
No change history available.