OpenAI demos cyber-focused GPT to governments, who secures the model itself?

I think the interesting question here isn’t just how these models are used externally, but how they’re contained internally.

If a model can meaningfully assist with vulnerability discovery or exploitation, the attack surface shifts to the organization running it.

What does “secure deployment” even mean in that context? Is this just standard infosec at larger scale, or a fundamentally different problem?