HeadlinesBriefing favicon HeadlinesBriefing.com

OpenAI's GPT-Red Red-Teams GPT-5.6 for Safety

MIT Technology Review AI •
×

OpenAI has built GPT-Red, an LLM super-hacker used as a sparring partner to harden its models against cyberattacks. Training GPT-5.6 against GPT-Red produced the company's most robust release yet. GPT-Red automates red-teaming—typically done by human testers—to find vulnerabilities before deployment. As LLMs become agents interacting with files, websites, and code, the risk surface expands beyond what human teams alone can cover.

Researchers trained GPT-Red via a self-play loop in a simulated dojo mimicking real-world scenarios like web browsing and code editing. Over many rounds, GPT-Red discovered novel attacks, including a fake chain of thought injection that tricks a model into acting on spoofed reasoning steps. “It’s extremely persistent about drilling down into an attack,” says co-creator Dylan Hunn.

Testing showed over 90% of GPT-Red's strongest attacks succeeded against GPT-5, but fewer than 23% worked on GPT-5.6. GPT-Red also hacked Vendy, a vending-machine agent from Andon Labs, altering prices and canceling orders. However, it struggles with multi-turn conversational attacks and image-based injections.

GPT-Red supplements human red-teamers; each finds flaws the other misses. OpenAI will not release the model, citing the extensive compute and year-long development behind it.