Skip to content
Menu
Menu

OpenAI Unveils GPT-Red to Test Future AI Models

The internal system automatically attacks OpenAI’s models to uncover vulnerabilities, and the company says it has already used GPT-Red to make GPT-5.6 more resistant to prompt injection attacks.

 

OpenAI introduced GPT-Red, an internal automated red-teaming system designed to attack the company’s own AI models and expose security weaknesses before release. The company said Wednesday that it already used GPT-Red to improve the security of GPT-5.6, its latest flagship model.

Red-teaming is a common method for stress-testing AI models for vulnerabilities before deployment. Previously, OpenAI relied on human experts and outside researchers to test new models, but the company says those methods are becoming difficult to scale as AI systems grow more capable.

According to OpenAI, GPT-Red works by repeatedly interacting with another model, observing its responses, and refining its attacks. The company trained the system using a form of self-play in which GPT-Red and a collection of defensive models competed against one another across a range of scenarios, including malicious instructions hidden in emails, web pages, local files, and software tools.

OpenAI said GPT-Red is highly effective at finding prompt-injection vulnerabilities, in which attackers embed malicious instructions in files or websites to make an AI system ignore its original rules. In one benchmark designed to measure prompt-injection attacks, GPT-Red succeeded in 84% of test cases, while human testers succeeded in 13%. 

OpenAI says GPT-Red is already influencing its production models. OpenAI used GPT-Red to help train GPT-5.6. The company says GPT-5.6 now performs much better on its toughest prompt-injection tests, failing six times less often than OpenAI’s strongest production model from four months ago. GPT-5.6 Sol fails on only 0.05% of GPT-Red’s direct prompt-injection attacks.

The company argues that automated testing will become increasingly important as AI systems improve. In its announcement, the company said human red-teaming remains essential but cannot generate enough attack scenarios to keep pace with more powerful models.

“We believe automated red-teaming unlocks a crucial form of self-improvement for safety: using today’s models to directly help make future models safer,” OpenAI wrote.

The company said it plans to continue expanding GPT-Red alongside human and third-party testing.

Clayton Rifkind

Clayton Rifkind is the Founder and Senior Editor of AI Risk Today. He also advises on content development for esgtoday.com, a leading source of ESG investment news and research for institutional investors and corporate leaders. He has 20+ years experience in B2B technology marketing, leading strategy and execution of go-to-market plans across software, enterprise platforms, and mobile applications. He also founded two marketing consultancies, advising startups and Fortune 1000 companies, including Autodesk, Intel, and Microsoft. Clayton began his career in the San Francisco advertising scene, working with brands such as Hewlett-Packard, Intel, Microsoft, Symantec, and Wells Fargo.

Essential AI Risk Intelligence

Daily insights on AI governance, regulation, and enterprise risk management. Trusted by Chief Risk Officers and compliance leaders globally.

By subscribing, you agree to receive our daily newsletter. Unsubscribe anytime.

Advertise with AI RIsk Today, Today!