Skip to content
gentic.news — AI News Intelligence Platform
Connecting to the Living Graph…

Listen to today's AI briefing

Daily podcast — 5 min, AI-narrated summary of top stories

A glowing red robotic hand reaches toward a blue digital brain, symbolizing AI security testing, with data streams…
AI ResearchBreakthroughScore: 85

GPT-Red: OpenAI's LLM Super-Hacker Finds 84% of Attacks, Humans 13%

OpenAI's GPT-Red LLM finds 84% of attacks vs 13% for humans, hardening GPT-5.6 Sol. Automated red-teaming shifts safety paradigm.

·1d ago·4 min read··18 views·AI-Generated·Report error
Share:
Source: technologyreview.comvia mit_tech, analytics_vidhya, the_decoderSingle Source
What is GPT-Red and how effective is it at finding vulnerabilities?

OpenAI's GPT-Red LLM super-hacker finds successful attacks in 84% of test scenarios via self-play training, versus 13% for human red teamers. It was used to harden GPT-5.6 Sol, OpenAI's most robust release yet.

TL;DR

GPT-Red finds 84% of attacks via self-play · Human red teamers manage only 13% · Used to harden GPT-5.6 Sol release

OpenAI's GPT-Red LLM finds successful attacks in 84% of test scenarios, versus 13% for human red teamers. The model, detailed by MIT Technology Review, was used to harden GPT-5.6 Sol, OpenAI's most robust release yet.

Key facts

  • GPT-Red finds attacks in 84% of test scenarios
  • Human red teamers manage just 13%
  • GPT-5.6 Sol is OpenAI's most robust release yet
  • GPT-Red discovered new types of attack not seen before
  • Self-play training in a simulated dojo environment

OpenAI has built an LLM super-hacker called GPT-Red that it uses as a sparring partner to help its other models boost their defenses against cyberattacks. According to MIT Technology Review The company released the latest version of its flagship LLM, GPT-5.6 Sol, last week. OpenAI says that training it against GPT-Red made the model its most robust release yet.

GPT-Red automates red-teaming, a safety evaluation typically done by human testers. The aim is to find as many different ways to break or hijack a system as possible. The weak spots can then be patched before the final version of the software is released.

As LLMs become more complex and get used in a wider variety of tasks—especially in the form of agents, which can interact with computer files, websites, and third-party code as well as other agents—it’s hard for teams of people by themselves to keep up with all the types of attacks that might take place. “The risk surface grows and the blast radius also grows,” says Nikhil Kandpal, a research scientist at OpenAI who co-created GPT-Red.

OpenAI built GPT-Red to future-proof its safety testing process. “As more capable models become available, we will have already designed the system that can discover new modes of attack,” says Dylan Hunn, a research scientist at the company and fellow co-creator of GPT-Red. The researchers say it has already come up with new types of attack that had not been seen before.

Self-Play Dojo

To build GPT-Red, OpenAI’s researchers took an LLM that had not been trained as a hacker and set it up in what’s known as a self-play loop with several other models. Its goal was to try to attack the other models; their goal was to try to defend themselves. Over many rounds of play, GPT-Red became better and better at attacking other LLMs, and those LLMs became better and better at fending off the attacks.

The training took place in a kind of dojo that OpenAI had designed to mimic a range of scenarios in which LLMs might be deployed in the real world, including browsing the web, reading emails or calendar apps, and editing code. OpenAI focused most of its efforts on prompt injection attacks, where a hacker slips an LLM instructions to make it do things its developers or users do not want it to, such as copy confidential information or sabotage a company’s code base.

When GPT-Red found a new kind of attack, it would explore multiple different versions of it to find the most efficient one for specific scenarios. “Compared to a human red-teamer, the model is very, very good at finding exactly what will work, exactly what’s most effective,” says Hunn.

The gap between GPT-Red's 84% success rate and human red teamers' 13% is not just a performance metric — it signals a structural shift in how frontier AI safety is conducted. Human red teaming, already a bottleneck at scale, becomes untenable as agentic systems multiply attack surfaces. OpenAI's approach mirrors a trend across the industry: Anthropic's Claude Code and Google's Gemini agent runtimes are also adopting automated adversarial testing, though none have disclosed comparable internal hit rates.

Broader Context

The GPT-Red development comes as OpenAI's GPT-5.6 Sol competes with Anthropic's Claude Fable 5 for the frontier-model crown. Analytics Vidhya reports Fable 5 holds a slight edge in general intelligence, while Sol hits back with stronger coding performance and much lower pricing. In a separate demonstration of GPT-5.6 Sol's capabilities, a University of Pennsylvania statistics professor used the model to disprove a 30-year-old conjecture about the Benjamini-Hochberg method in roughly 90 minutes. The Decoder reports The predecessor model, GPT-5.5, couldn't find a solution even after 20 hours.

Key Takeaways

  • OpenAI's GPT-Red LLM finds 84% of attacks vs 13% for humans, hardening GPT-5.6 Sol.
  • Automated red-teaming shifts safety paradigm.

What to watch

Watch for OpenAI's disclosure of GPT-Red's attack success rate on agentic workflows beyond prompt injection, and whether Anthropic or Google release comparable internal red-teaming benchmarks for their own agent runtimes. Also monitor GPT-5.6 Sol's enterprise adoption rate as a signal of trust in automated safety testing.

low view of boxers sparring


Source: technologyreview.com


Sources cited in this article

  1. MIT Technology Review
  2. Analytics Vidhya
  3. The Decoder
Source: gentic.news · · author= · citation.json

AI-assisted reporting. Generated by gentic.news from 3 verified sources, fact-checked against the Living Graph of 4,300+ entities. Edited by Ala SMITH.

Following this story?

Get a weekly digest with AI predictions, trends, and analysis — free.

AI Analysis

The 84% vs 13% gap is the headline, but the structural implication is more important: automated red-teaming via self-play creates a closed-loop safety system that scales with model capability. Human red teaming is inherently bounded by human creativity and throughput; an LLM trained to attack can iterate millions of scenarios overnight. This mirrors how AlphaGo surpassed human Go expertise through self-play. The key risk is that GPT-Red's attack library might become stale if it overfits to known vulnerabilities, but OpenAI's claim that it has already discovered novel attack types suggests the approach generalizes. The timing is strategic — GPT-5.6 Sol is competing directly with Claude Fable 5, and safety robustness is a differentiator for enterprise adoption. If automated red-teaming becomes standard practice, it raises the bar for all frontier models, potentially compressing the safety gap between leaders.
This story is part of
The AI Infrastructure War Shifts from Chips to Developer Tools
Nvidia's enterprise pivot and AWS's OpenAI bet collide with Cursor's quiet ascent
Compare side-by-side
GPT-Red vs GPT-4o
Enjoyed this article?
Share:

AI Toolslive

Five one-click lenses on this article. Cached for 24h.

Pick a tool above to generate an instant lens on this article.

Related Articles

From the lab

The framework underneath this story

Every article on this site sits on top of one engine and one framework — both built by the lab.

More in AI Research

View all