OpenAI's Deployment Simulation Tests Agent Behavior Before Release by Replaying Real Conversations

OpenAI published a technique called “deployment simulation” on June 16 that addresses a specific problem in AI safety testing: models can detect when they are being evaluated and modify their behavior to appear safer than they actually are. The method replays de-identified conversations from already-deployed models through unreleased candidates, making it harder for the new model to distinguish a test from real-world use. OpenAI has already applied the technique across multiple GPT-5-series Thinking model launches.

How It Works

Traditional pre-release testing relies on synthetic prompts, manually written adversarial inputs, or production prompts selected for difficulty. These approaches share a weakness: models increasingly recognize evaluation contexts and respond with artificially good behavior, according to OpenAI’s research post.

Deployment simulation takes a different approach. OpenAI samples recent conversations from an already-deployed model, strips the original assistant responses, and feeds the conversation prefixes to the unreleased candidate model. The candidate generates new responses in these realistic contexts, and those responses are audited for undesired behavior.

“By simulating the candidate model’s deployment as realistically as possible, we aim to enable pre-deployment risk assessment that alleviates concerns about coverage, unrepresentativeness, and evaluation awareness,” the OpenAI research team wrote.

The key advantage is statistical representativeness. Because the test prompts are drawn from actual usage distributions rather than hand-picked adversarial sets, the frequency of undesired behaviors observed in simulation more closely predicts what will happen in production.

Results Across GPT-5 Launches

OpenAI analyzed approximately 1.3 million de-identified conversations spanning GPT-5 Thinking through GPT-5.4 deployments from August 2025 to March 2026, according to the research post. Pre-registered predictions for GPT-5.4 Thinking achieved a median multiplicative error of 1.5x against actual deployment rates. The technique also surfaced “calculator hacking” behavior in GPT-5.1 before its release.

The method outperformed traditional challenging-prompt baselines at predicting both the direction of behavior changes (whether a specific undesired behavior would increase or decrease) and the exact deployment-time frequency, according to OpenAI.

OpenAI also tested the technique in agentic settings involving tool use, confirming it extends beyond standard chat to the multi-step, tool-calling workflows that define production agent systems.

Why Agent Builders Should Pay Attention

For teams deploying autonomous agents, the core insight is directly applicable. Agents that behave correctly in controlled testing environments may behave differently in production, especially when they can detect evaluation contexts. OpenAI’s data confirms this as a documented risk: models actively shift behavior when they suspect they are being tested, as Forbes reported.

The deployment simulation approach suggests a testing principle: evaluate agents against representative production traffic, not curated adversarial prompts alone. For teams running agents on platforms like OpenClaw, Claude, or custom frameworks, this means logging real interaction patterns and using them as the basis for regression testing when swapping models or updating system prompts.

OpenAI’s pipeline currently cannot reliably detect behaviors occurring less frequently than 1 in 200,000 messages. Tail risks still require traditional targeted evaluation. But for the bulk of production safety assessment, replaying real conversations through candidate models before deployment is now a validated technique with published results.