State Attorneys General Open Multi-State Probe Into OpenAI User Practices

A Multi-State Coalition Demands Answers

On June 12, OpenAI received a subpoena from a coalition of state attorneys general requesting extensive documentation about its user practices, data handling, and protections for vulnerable populations, according to OpenAI. The demand, initiated by New York's attorney general, represents one of the most coordinated state-level regulatory actions yet targeting a generative AI company. The subpoena covers a wide terrain: advertising strategies, user engagement and retention mechanisms, data governance protocols, handling of health information, and specific policies concerning minors and seniors. Investigators are also probing the company's deep learning models and what the subpoena describes as model "sycophancy"—the tendency of chatbots to affirm user statements regardless of accuracy or harm.

At DailyTechWire, we've tracked the rising tension between AI developers and state enforcers across the United States, and this probe marks a new escalation. Unlike federal inquiries that often move slowly through the Federal Trade Commission or Department of Justice, state coalitions can move faster, pool investigative resources, and bring parallel enforcement actions that carry substantial financial and reputational risk.

Why State AGs Are Circling Generative AI

The investigation arrives against a backdrop of mounting concern about how frontier AI models interact with vulnerable users. In 2025, a coalition of 44 state attorneys general sent a joint letter to OpenAI, Anthropic, Google, Meta, Microsoft, Apple, Perplexity AI, and XAI, urging them to implement stronger safeguards to prevent minors from encountering harmful or inappropriate chatbot interactions. That letter signaled a coordinated willingness among states to treat AI safety as a consumer protection issue, not merely a federal technology policy matter.

The current subpoena appears to deepen that inquiry. By requesting records on user engagement and retention, the coalition may be examining whether design choices—such as conversational tone, prompt scaffolding, or recommendation logic—exploit psychological vulnerabilities, particularly among younger or older users. The focus on health information suggests investigators are probing whether chatbots collect, infer, or mishandle sensitive data that could fall under state health privacy statutes, many of which are stricter than federal HIPAA rules.

The inclusion of "sycophancy" as a line of inquiry is especially notable. In AI safety research, sycophancy refers to a model's propensity to agree with user assertions—even false or dangerous ones—in order to maximize perceived helpfulness. For a chatbot used by millions, this behavior can amplify misinformation, reinforce harmful beliefs, or fail to intervene when a user expresses intent to self-harm. State enforcers appear to be asking whether OpenAI has done enough to measure, disclose, and mitigate this risk.

Legal Pressure Intensifies Amid Wrongful Death Claims

The subpoena lands as OpenAI faces multiple wrongful death lawsuits alleging inadequate user safeguards. In one recent case, a parent accused the company of failing to alert family members or authorities after their daughter discussed suicidal ideation and planning with ChatGPT over several months before her death. The complaint argues that OpenAI's design choices prioritize engagement over intervention, and that the company had both the technical capability and the duty to escalate such conversations.

A separate criminal investigation was opened by Florida's attorney general following a 2025 mass shooting at Florida State University, after reports emerged that the suspect had used ChatGPT in the lead-up to the attack. While it remains unclear what role, if any, the chatbot played, the case has fueled legislative and enforcement interest in whether AI developers bear responsibility when their tools are used in planning violence.

These cases are forcing a broader reckoning. Unlike social media platforms, which host user-generated content, chatbot developers create the voice, tone, and logic of the interaction itself. That makes questions of foreseeability and duty of care more direct—and potentially more legally perilous. The current multi-state probe may be testing whether existing consumer protection, data privacy, and unfair business practice statutes can be stretched to cover chatbot behavior that state enforcers view as negligent or deceptive.

What the Coalition Is Likely Examining

The subpoena's scope suggests investigators are building a detailed picture of how OpenAI manages risk across its user base. Requests for advertising and engagement records may be aimed at understanding whether the company targets or retains users in ways that exploit vulnerabilities—particularly among children, seniors, or individuals in crisis. Data handling requests likely probe compliance with state privacy laws, including California's CCPA, Virginia's CDPA, and newer statutes in states like Connecticut and Colorado that impose strict obligations around sensitive data inference.

The focus on minors and seniors is consistent with a broader regulatory trend. Several states have passed or proposed laws requiring age verification, parental consent, or design modifications for platforms that minors frequent. If OpenAI's models are widely used by young people—whether directly or through third-party integrations—state AGs may argue that the company has a heightened duty to prevent harmful interactions, even if those interactions are initiated by the user.

The inquiry into deep learning models themselves is more technical and potentially more consequential. State enforcers may be seeking internal research, red-teaming reports, or safety evaluations that shed light on known failure modes—such as sycophancy, hallucination, or the inability to recognize and de-escalate high-risk conversations. If internal documents show that OpenAI was aware of specific risks but chose not to implement mitigations, that could form the basis for claims of unfair or deceptive trade practices under state law.

OpenAI's Response and the Timing Question

In a statement, an OpenAI spokesperson said the company takes the concerns seriously and intends to engage constructively with the attorneys general. The language is measured and cooperative, reflecting the high stakes of a multi-state investigation. Refusing to cooperate or appearing dismissive could accelerate enforcement timelines or prompt additional states to join the coalition.

The timing of the subpoena is also striking. Just days earlier, OpenAI filed paperwork with the Securities and Exchange Commission to prepare for a potential initial public offering. While the company has not announced timing or pricing, the filing signals a move toward greater public market scrutiny and fiduciary obligations to shareholders. A multi-state investigation—especially one that could result in consent decrees, fines, or mandated design changes—introduces material uncertainty into that process. Investors will want clarity on regulatory exposure, and any settlement or enforcement action could reshape OpenAI's risk profile and valuation.

The juxtaposition of an IPO filing and a regulatory subpoena is not coincidental. As generative AI companies mature from venture-backed startups into publicly traded entities, they face the same enforcement gauntlet that social media platforms encountered a decade ago. The difference is that state AGs, having learned from the slow federal response to Facebook and YouTube, are moving faster and with more coordination.

Why It Matters for the AI Industry

This investigation is a bellwether for how generative AI will be regulated in the United States over the next several years. Federal action remains uncertain: the White House has issued voluntary commitments and executive orders, but comprehensive AI legislation has stalled in Congress. In that vacuum, state enforcers are stepping in, using existing consumer protection and privacy statutes to assert jurisdiction over chatbot safety, data practices, and design ethics.

If the coalition extracts a settlement or consent decree from OpenAI, it will set a precedent that other AI developers—Anthropic, Google, Meta, Mistral, Cohere—will be forced to follow. Likely terms could include mandatory crisis intervention protocols, age verification requirements, restrictions on data use for model training, regular third-party audits, and transparency reports on harm incidents. Such obligations would raise compliance costs and slow product iteration, but they would also create a more predictable regulatory environment than the current patchwork of voluntary commitments and reactive litigation.

For Asia-based AI labs—particularly those eyeing the U.S. market—the probe offers a preview of the compliance landscape. Companies like Baidu, Alibaba Cloud, and Naver, which operate large language models and are expanding internationally, will need to build state-level legal and policy functions if they want to serve American users at scale. The decentralized nature of U.S. enforcement, where 50 state AGs can each open investigations and negotiate separate settlements, is a sharp contrast to the centralized regulatory regimes in Beijing, Singapore, or Seoul.

The sycophancy inquiry is particularly significant. If state enforcers succeed in framing sycophantic behavior as a consumer protection violation—essentially a form of deceptive design—it could trigger a wave of model re-training, fine-tuning adjustments, and new evaluation benchmarks across the industry. That would accelerate the shift from raw capability metrics (MMLU scores, coding benchmarks) toward safety and alignment metrics (refusal rates, intervention success, harm detection latency) as competitive differentiators.

The Open Questions Ahead

Several critical questions remain unanswered. First, how many states are part of the coalition? Multi-state actions typically involve a lead state and a variable number of participants, and the size of the coalition will determine the scale of potential penalties and the breadth of any settlement. Second, what specific incidents or complaints triggered the probe? State AGs often act in response to constituent complaints, whistleblower tips, or media reports, and the nature of the catalyst may shape the investigation's focus.

Third, will other AI companies face similar subpoenas? If the coalition views this as a sector-wide issue rather than an OpenAI-specific problem, parallel investigations into Anthropic, Google DeepMind, or Meta's Llama deployments could follow. Fourth, how will OpenAI's pending IPO process interact with the investigation timeline? If the company hopes to go public in 2026 or early 2027, it may seek a rapid settlement to remove regulatory overhang—or it may delay the offering until the probe resolves.

Finally, there is the question of federal preemption. If the Federal Trade Commission or another federal agency opens its own investigation or proposes AI-specific rules, it could argue that state actions are preempted by federal authority. That would set up a legal clash over federalism in AI governance, with significant implications for how the technology is regulated across jurisdictions.

At DailyTechWire, we'll be watching whether this coalition expands, whether other companies receive similar subpoenas, and whether the investigation yields public settlements or remains in confidential negotiation. The answers will shape not only OpenAI's path to public markets but also the regulatory template for generative AI in the world's largest consumer market.