OpenAI launched two open-weight reasoning models called gpt-oss-safeguard-120b and gpt-oss-safeguard-20b. What makes them different? They're designed to classify content according to a provided policy, are customizable, generate chain-of-thought full reasoning and operate under the Apache 2.0 license. They're not models meant to replace direct user interaction, but to be a rule-based evaluation and moderation layer.
What they are and what they're for
These variants are post-trainings of the original gpt-oss models, fine-tuned specifically to reason from a given policy and label content according to it. They're ready to use with the Responses API and offer reasoning effort options (low, medium, high) as well as structured outputs.
And why does that matter? Because they let you automate classification decisions with greater traceability: by providing full chain-of-thought, you can see the reasoning behind a label — useful for auditing and tuning policies.
Key practical features
- Open-source models under the Apache 2.0 license and subject to the
gpt-ossusage policy. - Compatible with the Responses API so you can plug them into existing flows.
- Output includes chain-of-thought to make it easier to understand why a decision was made.
- Three levels of reasoning effort to balance cost and rigor.
- Support for Structured Outputs for more predictable, easy-to-parse responses.
Evaluation and safety: what OpenAI reports
The report compares gpt-oss-safeguard performance against their original gpt-oss counterparts as a baseline. Although the models are intended for policy-based classification, OpenAI also checked how they behave in chat scenarios — not because that's their recommended use, but because being open means someone might use them that way.
You'll also find an initial multilingual performance evaluation in chat contexts. That's not the same as measuring exact performance during policy-based classification, but it helps you spot trends in other languages.
Limitations and practical precautions
OpenAI clarifies that the gpt-oss-safeguard models are fine-tunes of the gpt-oss models and did not incorporate additional biosecurity or cybersecurity data. Therefore, the worst-case scenario estimates reported for gpt-oss also apply here.
A clear recommendation: use these models to classify content against a given policy, not as the primary model your end users interact with. The original gpt-oss models remain more suitable for direct-interaction tasks.
How could you use them today?
- Automated moderation: you send content and the policy; the model returns a label and its reasoning.
- Decision auditing: thanks to the chain-of-thought, you can review why an item was flagged.
- Multilingual flows: there's initial evaluation in other languages, but run your own tests before production.
Simple example: in a moderation system you might run primary detection with a lightweight classifier and delegate gray cases to gpt-oss-safeguard with high reasoning effort to get a more explained decision.
Final reflection
These models are a practical bet: open tools designed to support human decisions and audit results. Interested in traceability for moderation or classification? gpt-oss-safeguard gives you an open, customizable base — but the responsibility for design and testing in your context remains yours.
