OpenAI has introduced GPT Red, a specialized artificial intelligence model designed to uncover vulnerabilities in AI systems before they can be exploited, marking a major step toward building safer and more reliable AI models.
Quick Summary – TLDR:
- OpenAI has unveiled GPT Red, an automated AI model built for large scale security testing.
- The model is designed to find prompt injection vulnerabilities that could manipulate AI systems.
- GPT Red is already helping train GPT 5.6, making it significantly more resistant to prompt injection attacks.
- OpenAI says the approach allows AI models to improve their own safety while maintaining their capabilities.
What Happened?
OpenAI has announced GPT Red, its most advanced automated red teaming model developed to strengthen AI safety. Instead of relying only on human security researchers, GPT Red continuously searches for weaknesses in AI systems and helps engineers fix them before new models reach the public.
According to OpenAI, GPT Red represents years of work in automated security research and has already played a major role in making GPT 5.6 the company’s most robust model against prompt injection attacks.
Introducing GPT-Red
— OpenAI (@OpenAI) July 15, 2026
An internal automated red teamer on a mission to find our models’ prompt injection vulnerabilities at scale, helping us build stronger defenses before wider deployment.https://t.co/GxnmxxcpSk
OpenAI Wants AI to Help Build Safer AI
As AI models gain access to browsers, connected applications, local files, and external tools, they also become exposed to malicious instructions hidden inside emails, web pages, documents, or software repositories. These hidden instructions, commonly known as prompt injections, attempt to manipulate AI systems into ignoring their intended tasks or exposing sensitive information.
OpenAI explained that human red teaming remains an important part of AI safety. However, manual testing is difficult to scale because it requires significant time and effort while producing only a limited number of attack examples.
To solve this challenge, the company developed GPT Red, an internal only AI system capable of automatically generating large volumes of sophisticated attacks that help strengthen future AI models.
How GPT Red Learns to Attack AI Systems?
GPT Red is trained using a self play reinforcement learning approach. During training, the model continuously competes against multiple defender AI models across a wide variety of realistic attack scenarios.
The attacker is rewarded whenever it successfully causes a security failure such as a prompt injection, while defender models receive rewards for resisting the attack and completing their assigned tasks correctly.
OpenAI created numerous simulated environments where GPT Red could manipulate parts of emails, web pages, local files, tool responses, and other external content that AI systems may encounter during everyday use.
As defender models become stronger, GPT Red is forced to develop increasingly creative and effective attack techniques.
Strong Results Against Existing AI Models
OpenAI says GPT Red became capable of successfully attacking nearly every model it was tested against, including internal systems and production models up to GPT 5.5.
The company then used these attacks to train GPT 5.6, resulting in major improvements in resistance to prompt injections.
According to OpenAI, GPT 5.6 now experiences six times fewer failures on one of its hardest direct prompt injection benchmarks compared with its strongest production model released just four months earlier.
On broader robustness testing, GPT 5.6 Sol reportedly failed on only 0.05 percent of GPT Red’s direct prompt injection attempts.
Real World Testing Showed Impressive Results
OpenAI also evaluated GPT Red outside controlled testing environments.
One experiment targeted an AI-powered vending machine system developed by Andon Labs. After practicing in a simulation, GPT Red successfully convinced the production system to lower the price of expensive products to 50 cents, order a new product worth more than 100 dollars while pricing it at 50 cents, and cancel another customer’s order.
In another evaluation, GPT Red tested a Codex CLI agent powered by GPT 5.4 Mini across ten data exfiltration scenarios. OpenAI reported that GPT Red achieved higher success rates while using fewer tokens than a prompted GPT 5.5 baseline.
The company said it has disclosed the identified vulnerabilities and new safeguards are currently being tested.
AI Safety Without Sacrificing Performance
OpenAI emphasized that stronger security should not come at the cost of usability.
The company evaluated GPT 5.6 across general capability benchmarks as well as over refusal tests. According to the results, the model maintained its overall performance while becoming substantially more resistant to malicious instructions.
This suggests the improvements came from better security rather than simply refusing more user requests.
What’s Next?
OpenAI believes GPT Red creates a new safety feedback loop where today’s AI systems directly contribute to making tomorrow’s models more secure, aligned, and trustworthy.
The company plans to continue expanding GPT Red by increasing training data, compute resources, and algorithm improvements. OpenAI also confirmed that a technical preprint describing the research in greater detail will be released later this week.
SQ Magazine Takeaway
We think GPT Red could become one of the most important developments in AI safety because it changes how security testing is performed. Instead of waiting for humans to discover vulnerabilities one by one, OpenAI is letting AI actively search for weaknesses at a much larger scale. If this approach continues to improve without reducing model capabilities, it could set a new standard for how advanced AI systems are secured before they reach users.