Google Pixel devices are the reference devices for Android. The reason why they allow alternative OSes to work and retain all of the security features of them is because of that reason.
I don't see any cause for concern here. Do keep in mind that GrapheneOS frequently contributes and requests features from upstream.
There was actually a recent thread from the project about a feature that was requested by the project and Google implementing it:
https://grapheneos.social/@GrapheneOS/109484290154201406
Furthermore, while Google Pixels are currently the best (and pretty much only viable) option, there's nothing that inherently ties GrapheneOS to Pixel devices. If other devices come up that implement the same security features and allow you to retain them with an alternative OS, they could be supported for GrapheneOS.
128bitpotato Or could they make future Android releases proprietary, ditching the open-source project?
This is absolutely counterintuitive and will never happen. I'm prepared to eat my words here. It just won't.
Google has everything to gain by keeping AOSP open source so that OEMs can build on it. More devices running Android means more devices running Google Play Services. They won't just give up on that.
128bitpotato We've seen how Google tries to limit ad-blocking in the Chromium browser with MV3. Could something similar happen to GOSP, making it harder to maintain privacy?
Contrary to the insinuation here, Google seems to be interested in furthering security and privacy, rather than hindering it. This includes MV3, by the way.
Google - being the huge company that they are - can have multiple projects with different focuses. AOSP only seems to be getting more private and secure as time goes by, not less.
I hope that this alleviates your concerns a little bit.