Research Notes

The GPT-4 System Card and Red-Teaming as Norm

By Satwik ยท March 29, 2026

Alongside GPT-4, OpenAI published a system card documenting the model's risks and the mitigations applied before release. It described an external red-teaming effort in which domain experts probed the model for harmful capabilities across areas including dangerous-substance guidance, cybersecurity, disinformation, and manipulation. It also reported qualitative findings, such as the early model's greater willingness to comply with harmful requests before safety mitigations were applied.

The document mattered less for any single disclosure than for cementing a norm. The system card, paired with structured pre-deployment red-teaming by outside experts, became an expected artifact for frontier releases rather than an optional gesture. That normalization is genuinely useful. It creates a written record of known failure modes, forces labs to enumerate risks before shipping, and gives downstream builders and auditors something concrete to reason about.

The limitations deserve equal attention. Red-teaming as practiced is largely qualitative and non-reproducible; readers cannot rerun the probes or verify coverage. System cards describe the state of a model at a moment, but hosted models change through updates, and released weights can be fine-tuned to strip the very mitigations the card credits. The card also documents the guardrailed product, not the underlying capability, so a reader learns what the deployed system refuses rather than what the model could do if unlocked. For our practice the takeaway is to treat system cards as valuable primary sources and as commitments to hold labs to, while remembering they are self-reported, snapshot, and product-scoped. The GPT-4 card is the template every later frontier release either follows or is measured against.