Business

UK testers found cyber jailbreaks in OpenAI’s GPT-5.6 Sol

Britain’s AI Security Institute said the model’s safeguards could be bypassed for vulnerability discovery and exploit work, according to OpenAI’s system card.

Maya Lindqvist

By Maya Lindqvist · Senior Technology Correspondent

3 min read

UK testers found cyber jailbreaks in OpenAI’s GPT-5.6 Sol
Photo: Fortune

British government testers found ways to bypass cyber safeguards in OpenAI’s GPT-5.6 Sol, according to a technical report OpenAI released with the model. The findings matter because U.S. officials recently used a similar cyber-safety concern to restrict Anthropic’s Fable 5 model.

The U.K. AI Security Institute, known as AISI, said it found “universal jailbreaks” affecting cyber tasks, according to OpenAI’s system card. AISI said those jailbreaks could allow long, agent-style work in areas including software vulnerability discovery and exploit development.

OpenAI markets GPT-5.6 Sol as its most secure model so far, but the company’s report said AISI was able to get around controls designed to block risky cyber behavior. OpenAI said it had worked to reproduce and reduce the specific jailbreaks reported by AISI.

The company did not detail the fixes, according to the report. AISI said it expects additional red-team testing to find similar jailbreaks, and OpenAI said it would keep working with the British agency on safeguards and further evaluation.

AISI said the jailbreaks were often developed within hours, according to the system card. The agency also said its researchers had privileged access that ordinary users would not have, including access to internal safety-monitor reasoning, exact policy language and live feedback on classifier labels.

Xander Davies, who leads AISI’s red team, wrote on X that he believed the jailbreaks would still be discoverable without that access, though more slowly. He said the amount of extra time required remains unclear.

OpenAI said in its GPT-5.6 launch blog that “there is no such thing as perfect security” and that new jailbreaks will be found. The company said it uses layered safeguards, including monitoring model responses and a rapid process for addressing newly discovered jailbreaks.

The findings echo an earlier incident involving Anthropic. Amazon researchers found a jailbreak in Anthropic’s Fable 5 shortly after its June 9 release, according to prior reporting by Fortune, and the Trump administration imposed export controls on Fable 5 and the underlying Mythos 5 model on June 12.

Anthropic said at the time that Amazon’s finding was narrow and unlocked the model’s ability to identify software flaws, rather than a broader range of cyber functions. Anthropic also said no tester had found a universal jailbreak for Fable 5.

By contrast, AISI described the GPT-5.6 Sol jailbreaks as universal and said they could unlock autonomous exploit activity, according to OpenAI’s system card. The system card also said GPT-5.6 Sol completed one of two cyber ranges used by AISI to test AI hacking capability, while Mythos had completed both.

The U.S. export controls forced Anthropic to disable the affected models for all users because it could not verify users’ nationalities and because the restrictions also applied to Anthropic’s own non-American staff, according to Fortune. The Trump administration lifted the controls on July 1 after talks with Anthropic, and the two sides said they were working with other companies on a framework for judging jailbreak severity.

OpenAI was not initially named as part of that framework, according to Fortune. There has been no sign that the Trump administration has imposed comparable controls on GPT-5.6 Sol after AISI’s findings.

Axios reported that the White House cleared GPT-5.6 Sol for release on July 8, one day before its public debut. CNBC later reported that an official denied any such approval process existed, saying model release timing rests with AI companies.

Cybersecurity specialists said the findings point to a broader technical problem. Stanislav Fort, chief scientist at AI security startup AISLE and a former Anthropic and Google DeepMind researcher, said every deployed model likely has undiscovered jailbreaks and that fixing AISI’s examples would not eliminate the wider category of attacks.

This story draws on original reporting from Fortune.