
OpenAI is now using AI to attack its own AI, and it's working better than humans ever did
Quick Answer
OpenAI's internal AI model, GPT-Red, outperforms human red teamers by identifying security flaws in GPT models with an 84% success rate.
Quick Take
OpenAI's internal AI model, GPT-Red, outperforms human red teamers by identifying security flaws in GPT models with an 84% success rate. Trained through self-play reinforcement learning, it has significantly improved GPT-5.6 Sol's resistance to prompt injections, reducing failures sixfold compared to previous models, although 3.8% of stronger injections still succeed.
Key Points
- GPT-Red simulates attacks like prompt injections to identify security flaws.
- It achieved an 84% success rate in finding vulnerabilities compared to 13% for humans.
- GPT-5.6 Sol shows six times fewer failures on direct prompt injections than earlier models.
- 3.8% of stronger prompt injections still succeed, posing ongoing risks.
- Details on GPT-Red will be released in an upcoming paper.
📖 Reader Mode
~1 min readOpenAI trained an internal AI model called GPT-Red to automatically find security flaws in GPT models. GPT-Red simulates prompt injections and other attacks where malicious instructions hide in emails, websites, or files. Trained via self-play reinforcement learning, GPT-Red attacks while defender models block, and both improve over time. It finds successful attacks in 84 percent of test scenarios versus 13 percent for human red teamers. In one test, it manipulated an AI-powered vending machine in OpenAI's office, changed prices, and canceled other customers' orders.
The results feed directly into training. GPT-5.6 Sol shows six times fewer failures on direct prompt injections than the best model from four months ago, OpenAI says, without hurting general performance. But about 3.8 percent of "stronger" prompt injections still succeed. Scale that to hundreds or thousands of attempts, and a sizable number get through, similar to Claude Opus 4.5.

GPT-Red stays internal; a paper with more details will follow.
— Originally published at the-decoder.com
Want this in your inbox every morning?
Daily brief at your local 8am — bilingual EN/中文, free.
More from The Decoder
See more →
An AI model programmed nonstop for 19 days on a single MirrorCode task that cost $2,600 to run
Epoch AI's MirrorCode benchmark reveals Claude Opus 4.7 as the leader with a 56% solve rate, reconstructing a 16,000-line toolkit in 14 hours. Despite this, all models tested struggle with the most complex tasks, highlighting limitations in current AI capabilities. The single task consumed $2,600 over 19 days, raising questions about cost-effectiveness in AI development.

