OpenAI should welcome state AG scrutiny before its IPO

OpenAI needs state attorney general scrutiny now, before its IPO hardens weak safety claims into investor risk.

OpenAI should welcome the state attorneys general investigation, because the company’s scale, consumer reach, and reported harms make outside pressure necessary before it goes public.

That is not a reflexive anti-AI stance. It is the basic logic of power meeting accountability. OpenAI says ChatGPT now serves more than 1 billion monthly active users, and CNBC reports the company has filed confidentially for an IPO after reaching an $850 billion valuation. When a private company reaches that size while facing lawsuits over minors, seniors, health data, and alleged wrongful deaths, “constructively” is not enough. Regulators are doing what markets and courts cannot do alone: forcing a company to answer specific questions before those questions become a public-company crisis.

First, the legal pressure is arriving for a reason

The state AGs are not inventing concerns out of thin air. According to CNBC, the subpoena reportedly seeks information about OpenAI’s advertising, consumer and health data, minor and senior users, and models. Those are not peripheral issues. They go straight to how the product is sold, who it reaches, and what safeguards exist for vulnerable people. If a company cannot explain those basics cleanly, it does not deserve the benefit of vague assurances.

Florida Attorney General James Uthmeier has already sued OpenAI, alleging it knowingly released an unsafe product. That matters because it shows the scrutiny is not abstract or partisan theater. Once one state presses the issue, others are likely to follow, especially when the alleged harms involve children, mental health, and death. OpenAI’s best move is not to posture about innovation. It is to show regulators the logs, policies, escalation paths, and product changes that prove the company has a defensible safety system.

Second, IPO timing makes transparency nonnegotiable

An IPO changes the moral and financial math. A private company can absorb ambiguity by pointing to future improvements. A public company cannot. Investors will not price “we take concerns seriously” the same way they price documented controls, known liabilities, and repeatable governance. If OpenAI wants public capital, it must accept public-grade scrutiny before the listing, not after the prospectus is out and the risk disclosures are already stale.

There is a simple market example here: the bigger the promise, the harsher the correction when the promise collides with reality. OpenAI has become one of the most valuable private companies on the planet, but valuation does not equal immunity. It increases the blast radius. If the company enters public markets while state AGs are investigating alleged harms to minors, seniors, and grieving families, every unresolved issue becomes a disclosure problem, a litigation discount, and a governance test. The IPO clock makes this the right time to force answers, not the wrong time.

The counter-argument

OpenAI’s defenders will say that aggressive state investigations risk punishing the one company that has actually shipped useful AI at scale. They will argue that the company is already improving safeguards, that ChatGPT now includes more protective experiences for minors and people in distress, and that the legal system should avoid chilling innovation with sprawling subpoenas. That view has merit. AI firms do need room to iterate, because product safety in this category is not static and the line between helpful and harmful behavior shifts fast.

But that argument stops short of explaining why a company with a billion-user product, a pending IPO, and multiple lawsuits should be left to self-certify its own safety. The issue is not whether OpenAI should exist or whether AI should be regulated into paralysis. The issue is whether a dominant consumer AI platform can keep expanding while treating external review as a nuisance. It cannot. The company can still innovate, but it must now prove that its safeguards are real under adversarial scrutiny, not just polished in a blog post.

What to do with this

If you are an engineer or product leader building AI systems, treat this as a governance requirement, not a PR problem: document safety decisions, log model behavior, map escalation paths for vulnerable users, and assume every control will be read by regulators, plaintiffs, and investors. If you are a founder, get ahead of the inquiry by publishing concrete policies, red-team results, and incident response processes before you are forced to in discovery. The companies that survive the next phase of AI will be the ones that can explain, in plain language, why their product is safe enough to scale.