OpenAI Superalignment Report and the public-thresholds shift — capability-driven release gating goes from Anthropic-specific exception to industry baseline

OpenAI's publication of its first formal Superalignment Report on May 28 — quantitative cyber-capability thresholds and a pre-deployment-evaluation methodology that mirrors Anthropic's Mythos restricted-release framework — marks the transition of capability-driven release gating from Anthropic-specific exception to industry baseline. DeepMind's Frontier Safety Framework v3 completes the three-lab convergence.

The publication is the substantive procedural shift. OpenAI's Superalignment Report — about 90 pages — frames capability-driven gating as a baseline pre-deployment-evaluation gate every release passes through, rather than as a capability-driven exception applied to specific outliers. The framing matters: when restricted-release is an exception, the public expectation is that all-public-release is the default and exceptions require justification. When restricted-release is a baseline gate, the public expectation flips — every release is the output of a procedural process that could in principle have produced a restricted-release outcome.

The three-lab convergence is what makes the moment structurally meaningful. Anthropic's Mythos restricted-release precedent earlier in the month established the procedural shape; DeepMind's Frontier Safety Framework v3 release the same day as OpenAI's Superalignment Report completes the three-lab procedural alignment. For the first time, the three major Western frontier labs use procedurally-aligned capability-thresholds-and-release-gating frameworks. The procedural alignment is not coordinated — the labs developed the methodologies in parallel — but the convergence is real and observable.

The regulatory implication is the EU AI Act GPAI Code of Practice final form. The Commission's publication of the final Code of Practice on May 28 explicitly references the three-lab procedural convergence as the operational baseline for the systemic-risk evaluation requirements. The regulatory work piggybacks on the procedural artifacts the frontier labs have already published, which is a meaningfully different regulatory surface than specifying capability-evaluation methodology from scratch.

The downstream consequence for smaller labs and open-source projects is the compliance-procedural gap. The three major Western frontier labs have substantial procedural infrastructure — capability-evaluation teams, safety-review boards, deployment-policy teams, dedicated alignment-research output that produces the publishable artifacts. Smaller labs and open-source projects lack equivalent procedural infrastructure, and the EU Code of Practice's proportionality provisions are the regulatory accommodation that scales obligations to deployment context. The structural pressure is on the broader ecosystem to develop shared procedural artifacts that smaller labs can reference, rather than each lab building the procedural stack independently.

The defender-versus-developer-side framing is the operational substance. The three-lab procedural convergence produces capability-evaluation artifacts that are useful for both deployment-control decisions and for defender-side preparation. The Mythos restricted-release decision specifically routes high-cyber-capability access to approved defenders rather than withholding it from everyone. Anthropic's day-zero circuit-tracer support for Claude Opus 4.7 extends the defender-side artifacts into the interpretability surface. The combined deployment-control vocabulary is more sophisticated than the binary release-or-restrict framing the earlier debate operated under.

The longer-arc question is whether the three-lab convergence holds through the next 12-24 months or whether competitive pressure produces divergence. The economic-and-competitive logic supports continued convergence: the regulatory environment is consolidating on the procedural baseline, the customer-and-partner procurement surfaces increasingly require the procedural artifacts, and the labs' brand-and-reputation positioning is partially driven by the alignment-research output. The structural pressure is for the procedural convergence to deepen rather than to diverge.

The line: capability-driven release gating used to be Anthropic's specific commitment. In mid-2026 it is the industry baseline, with the regulatory framework piggybacking on the procedural artifacts the labs produced first.

OpenAI — Superalignment Report cyber capability thresholds May 28 2026 → · DeepMind — Frontier Safety Framework v3 release May 28 2026 → · European Commission — AI Act GPAI Code of Practice final publication May 28 2026 →