Disrupting malicious uses of AI | February 2026

Source: OpenAI Date: 2026-02-25 URL: https://openai.com/index/disrupting-malicious-ai-uses

Summary

OpenAI’s quarterly report on malicious use disruption for February 2026 — one in a series of periodic disclosures documenting threat actors caught using OpenAI’s platforms for influence operations, cyberattacks, or other prohibited activities, and the accounts and access revoked in response. The reports, published periodically since 2024, covered nation-state actors, criminal groups, and individuals using ChatGPT and the API for spearphishing, disinformation generation, malware development, and other malicious purposes.

Implications

Transparency reports as norm-setting. OpenAI’s periodic malicious use reports established a transparency norm — publishing specific threat actor types and use cases rather than keeping enforcement actions private. This gave external researchers and policymakers visibility into the threat landscape while also demonstrating that OpenAI was actively enforcing its policies, not just publishing them.

Thread: AI safety and misuse documentation. Sits in the disruption report series alongside the June 2025 and prior reports as OpenAI’s running accounting of the gap between AI capability and AI misuse prevention. Each report added data points about what categories of malicious use were most prevalent.

Watch: Whether the February 2026 report showed new categories of misuse that had emerged as agentic capabilities expanded, particularly around automated spearphishing, code generation for exploits, and AI-assisted influence operations at scale.