OpenAI latest AI model, GPT-5.6 Sol, likely has security vulnerabilities similar to one that led the Trump administration to impose export controls on Anthropic’s Fable 5 model, according to findings from U.K. government agency.
OpenAI markets its latest model, GPT-5.6 Sol, as its most secure to date, but the British government researchers who tested it prior to release say the model’s guardrails are susceptible to jailbreaks that can unlock dangerous cyber capabilities.The agency, the U.K. AI Security Institute (AISI), “identified universal jailbreaks in the cyber domain, including jailbreaks that allowed for long-form agentic task completion in domains like vulnerability discovery and exploit development,” according to a summary of its findings contained in a technical report OpenAI published Thursday.
In other words, it was possible to trick GPT-5.6 into ignoring controls meant to prevent it from engaging in cyber attacks. Once those guardrails were breached, users could get the model to find software vulnerabilities and autonomously hack into systems.The agency said the jailbreaks were relatively easy to discover and “were often developed within hours,” although OpenAI granted UK AISI researchers privileged access to the system’s inner workings that likely sped up this timeline, and would not be easily replicated by a normal user. OpenAI said it had worked to “reproduce and mitigate the specific jailbreaks reported by UK AISI.”
OpenAI did not specify what the mitigations are and it is unclear how robust they may be. The report cautioned that despite OpenAI’s mitigations, AISI “expects further red teaming to surface similar jailbreaks.” OpenAI said it would continue to work with AISI on safeguards and additional testing of the AI model.In response to questions about the AISI’s finding, OpenAI pointed to the launch blog for GPT-5.6 in which the company acknowledged “there is no such thing as perfect security” and that “new weaknesses will be discovered, as will new jailbreaks that circumvent existing safeguards.” It said it took a “layered” approach to safeguards that included continuous monitoring of its models’ responses and a “rapid remediation” process for any jailbreaks that are discovered.Margaret Cunninghamn, vice president of security and AI strategy at cybersecurity company DarkTrace, who also holds a position as a “specialist collaborator” with the National Institute of Standards and Technology (NIST) within the US Department of Commerce, said the AISI’s jailbreak findings should not be treated “as either catastrophic or irrelevant.”
“My concern is less that one model was jailbroken and more that offensive discovery is speeding up while defense still depends on very human processes: figuring out what matters, what can be patched, and what has to be contained,” she said.
The AISI findings were contained in a technical report, known as a system card, that OpenAI published in conjunction with the public rollout of GPT-5.6 on Thursday. The AISI is a British government organization that conducts safety evaluations of frontier AI models. The leading AI labs voluntarily committed to allow this testing at the AI Safety Summit at Bletchley Park, England, in 2023.From the description provided in the system card, the GPT-5.6 jailbreaks appear similar to one that researchers at Amazon found in the guardrails of Anthropic’s Fable 5 AI model days after it was released on June 9. That jailbreak also unlocked cyber capabilities—such as the ability to find software vulnerabilities—that were supposed to gated off from average users. The jailbreak prompted the U.S. government to impose export controls on Fable 5 and Mythos 5, the underlying AI model on which Fable was based, on June 12. That in turn forced Anthropic to disable the models for all users, since it lacked a way to verify users’ nationalities and also because the export ban also applied to Anthropic’s own non-American staff.Anthropic said at the time the specific jailbreak Amazon had discovered was a narrow one, that unlocked only the model’s ability to find software flaws, not necessarily to exploit them. “No testers have yet been able to find a universal jailbreak—a jailbreak method that can very broadly bypass the model’s safeguards, unblocking a wide range of cyber capabilities,” Anthropic said in a blog post.After two weeks of negotiation with Anthropic, the Trump administration lifted export controls on Fable 5 on July 1, clearing the way for the company to redeploy the AI model. The two also announced they were working to develop a shared framework for assessing the severity of guardrail jailbreaks in conjunction with other tech companies. OpenAI was not part of the initial set of companies named in that effort.The jailbreak that AISI discovered in GPT-5.6 are potentially more severe than what Amazon discovered with Fable. AISI characterized the jailbreaks as “universal” and said they unlocked the ability to conduct autonomous exploits, not just identify vulnerabilities in software.It’s unclear if GPT-5.6 jailbreaks would be easy to find outside of a research environment. OpenAI granted UK AISI exclusive access to tools “that would not be accessible to real-world attackers,” UK AISI says. This includes things like “access to chain-of-thought of the safety reasoning monitor, exact policy wording, and real-time feedback on classifier labels.”
However, Xander Davies, who leads “the red team” at AISI whose work it is to test model guardrails, said in a post on X that he believed the jailbreaks his team discovered “are still findable without this access, just slower. Exactly how much slower is unclear and an open question!”OpenAI said that it had conducted extensive automated “black-box red teaming”—where another AI model was used to try to find prompts that would break GPT-5.6’s guardrails, with a level of access that mirrors what an average user has—as well as testing with outside security experts prior to the model’s release.
So far, there’s no sign of the Trump administration imposing export controls on GPT-5.6 despite the jailbreaks AISI discovered. The White House did not immediately respond to requests to comment for this story on the AISI findings.Davies posted the portion of the GPT-5.6 System Card that discussed the jailbreaks his team had discovered to social platform X. It is unclear exactly what his motivation was for doing so, but Davies has made similar X posts highlighting the portions of model safety cards that reference the work of his AISI team for other model releases including OpenAI’s GPT-5.5 and Anthropic’s Mythos. Davies referred questions to an AISI spokesperson at the U.K. Department for Science, Innovation, and Technology, the ministry in which AISI is housed. The spokesperson said that as a matter of policy, AISI “does not comment on individual release decisions by AI companies.”Some in the AI safety and policy community did point out the apparent double standard. Lennart Heim, an AI policy researcher, reposted Davies’ post with the quip “good thing amazon didn’t report this one to the white house, ” a reference to the way the Trump administration learned about the Fable jailbreak.And one former AI policy advisor working outside the U.S. government told Fortune “what we are seeing recently creates uncertainty that is damaging in the least and potentially raises the question of whether, intentional or not, the U.S. is applying an inconsistent standard to different AI labs.”Microsoft President Brad Smith told Fortune’s Beatrice Nolan on the sidelines of the United Nations’ AI for Good summit that a lack of transparency and clear rules in U.S. AI policy around AI model releases was creating confusion for businesses and making planning difficult.GPT-5.6 has cyber capabilities that are close to those of Anthropic’s Mythos, the AI model on which Fable was built. (Fable was essentially Mythos with additional guardrails to prevent users from accessing some of Mythos’ more risky cyber, biological, and chemical capabilities.) According to the GPT-5.6 System Card, the model was able to autonomously complete one of the two “cyber ranges”—simulated network environments used to test hacking skills—on which AISI evaluates AI models. Mythos was the first model to successfully complete both ranges. Despite this, there are already some key differences in how the Trump administration has treated GPT-5.6 compared to Mythos and Fable. On June 25, OpenAI said the government had asked it to stagger the release of GPT-5.6, initially only giving the model to select trusted partners, with each customer subject to government approval.
“We don’t believe this kind of government access process should become the long-term default,” OpenAI said in a blog post at the time. “We are taking this short-term step because we believe it is the strongest path to broader availability in the coming weeks, while we work with the Administration to develop the cyber Executive Order framework and a repeatable process for future model releases.”
The White House cleared GPT-5.6 for launch on July 8, a day ahead of its July 9 public debut, according to Axios, although an official later denied doing so to CNBC, saying “no such permission is required or granted” and that model release timelines “rest entirely with the [AI] companies.”
Researchers who specialize in AI security have found that almost any AI model’s guardrails can be broken if an attacker has access to the models’ weights, or the internal settings of its neural network. Even without this, most model guardrails can be broken if an attacker has enough time and can make unlimited attempts. Currently, there is no method for creating ironclad guardrails, and so most AI companies rely on a variety of methods to prevent users from prompting models to engage in risky actions. These include protecting the model with classifiers—smaller models that filter and block suspicious prompts so they never reach the primary model.
“Every deployed model right now almost certainly has undiscovered jailbreaks, so this is sadly true of everything, not just GPT-5.6,” Stanislav Fort, chief scientist at AI cybersecurity startup AISLE and a former researcher at both Anthropic and Google DeepMind, said.He said that patching the jailbreaks AISI found, while necessary, “unfortunately only closes those specific attack instances, not the category as a whole. The model will very likely still carry many yet-to-be-discovered jailbreaks even after patching. AISI’s expectation to find more is in my view the correct security posture.”
This story was originally featured on Fortune.com
Hence then, the article about openai s latest ai model likely has similar cyber vulnerabilities to one that led to u s export controls on anthropic s fable british agency says was published today ( ) and is available on Fortune ( Middle East ) The editorial team at PressBee has edited and verified it, and it may have been modified, fully republished, or quoted. You can read and follow the updates of this news or article from its original source.
Read More Details
Finally We wish PressBee provided you with enough information of ( OpenAI’s latest AI model likely has similar cyber vulnerabilities to one that led to U.S. export controls on Anthropic’s Fable, British agency says )
Also on site :