OpenAI and the environment AI inherits

I spend my spare time working on our farm in Pennsylvania, clearing brush, cutting trails, working in the pasture. One thing you learn quickly is that nothing out there grows perfectly according to a master plan (try as I might). The woods are the cumulative result of decades of whatever happened to take root, what the deer didn't eat, what the storms didn't knock down, or where the previous owner grazed his Holsteins. It's resilient, but it's not designed by us. This weekend I was cutting some old fencing out of a tree that had completely grown around the wire. It was never part of the plan, but the tree just kept growing against the obstacle.

Organizations evolve the same way. Most companies built their systems gradually while solving immediate problems. Teams shared access to move faster, employees changed roles but kept permissions, and new collaboration tools appeared faster than old ones disappeared. Over time, access relationships accumulated faster than most organizations could continuously govern them.

For years, that sprawl carried risk but also an accidental benefit: the complexity that made sensitive data hard to govern also made it hard to find. Attackers had the same limits humans had. Navigating a messy environment required time, skill, and patience. We always used to say, “obscurity isn’t security.” Turns out it was, at least a little.

Newer AI models eliminate most of that obscurity. That shift is the reason Netwrix joined OpenAI's Daybreak program, which gives a small group of security defenders early access to frontier models without the same guardrails that constrain general-purpose deployments. The point of being in a program like Daybreak is more than access to a better model. It's the chance to understand, ahead of the broader market, what these systems do when you point them to real environments.

AI changes the assumption

AI doesn't operate under the same constraints people do. That's already showing up in tools like Copilot. A person can ask a simple question and surface salary data, old project files, or internal reports no one expected to resurface. The information was technically reachable, but most people never would've found it on their own. The permissions were there all along, and AI has made them easier to reach. The concern I hear from nearly every CISO right now isn't that these models behave incorrectly. It's that they behave correctly, surfacing compensation data, internal reports, and sensitive project information the environment had already granted them access to.

Frontier models, like Claude or GPT-5.5, go further. They reason across large bodies of information, identify patterns, generate and test code, and chain multiple actions together without waiting for a human prompt at each step. In a security context, a well-deployed frontier model can analyze a codebase for vulnerabilities, validate whether a finding is exploitable, and draft a remediation, compressing work that once required a skilled analyst and days of time into minutes.

That same capability compounds risk in environments where access was never cleaned up. A service account with permissions from three mergers ago or a shared admin account nobody wants to touch because something might break. These are real, common problems, and frontier AI processes them the same way it processes everything else: fast, at scale, without the friction that used to slow the exposure down. Anthropic's Project Glasswing showed what that looks like in practice. Cloudflare found 2,000 bugs across critical-path systems in weeks, 400 of them high or critical severity, at a false positive rate better than their own human testers. Mozilla found and fixed 271 vulnerabilities in Firefox 150, more than 10 times what they'd found in the previous release. Glasswing partners collectively surfaced more than ten thousand high- or critical-severity vulnerabilities in a single month.

What it means for security leaders

The response is to govern the environment before you connect anything to it. The core questions are old ones: who has access, why do they have it, and does it still make sense? The urgency of answering them is new. Here's where to start:

• Treat AI agents like privileged identities. Once a frontier model connects to your environment through APIs or orchestration layers, it inherits permissions and acts on them. Apply the same controls you'd apply to a privileged human account: limit scope, log activity, and review access as its role changes.
• Prioritize your highest-risk surface first. A full access review across a large organization takes time you may not have before AI tools go live. Focus on the accounts and data stores where exposure is largest: administrative credentials, sensitive data repositories, and service accounts with broad scope and unclear ownership.
• Run an AI-specific access audit now. Before expanding any AI integration, map what the system can actually reach. Not what it was intended to reach. What it can reach given current permissions. The gap is almost always larger than expected.
• Don't wait on data classification. AI doesn't distinguish between data that was meant to be widely accessible and data that accumulated access over time. Knowing where your sensitive information lives, and who can get to it, is prerequisite work for safe AI deployment, not a nice-to-have that follows it.

Where this is going

The organizations moving fastest in frontier AI already seem to understand that governing the environment matters as much as choosing the right model. Anthropic limited access to its most capable model, Claude Mythos, to a small set of Glasswing partners. OpenAI built Daybreak on the same principle. Netwrix is in that group because the questions Daybreak is built to answer, what an AI can reach and whether what it reaches matters, are the questions we've spent 20 years working on.

The access controls and governance work these programs require before deployment reflect something these organizations learned early: the value of frontier AI scales with the quality of the environment it operates in. A model with broad reasoning capability, working through a well-governed identity and data infrastructure, is a genuine force multiplier for security teams. The same model working through years of accumulated, unreviewed access creates exposure at a speed and scale that's hard to contain after the fact.

The models are already here. Deciding what they can reach will be up to you.

References

1. OpenAI, "Daybreak"

2. OpenAI, "Introducing Trusted Access for Cybersecurity"

3. Microsoft, “Configure a secure and governed foundation for Microsoft 365 Copilot”