OpenAI has built GPT-Red, an AI system designed to attack its own language models in controlled settings to identify security vulnerabilities before release. The system automates red-teaming—a safety evaluation process traditionally performed by human testers—by engaging in adversarial training loops where GPT-Red attempts to breach other models while they defend themselves. OpenAI says GPT-Red has discovered previously unknown attack methods, including a "fake chain of thought" prompt injection technique, and that training GPT-5.6 against it produced the company's most robust model to date.
The researchers built GPT-Red to keep pace with growing security risks as language models become more capable and are deployed in increasingly complex scenarios involving web browsing, code editing, and agent interactions. In a simulated environment mimicking real-world deployment conditions, GPT-Red iteratively refined attack strategies, demonstrating particular effectiveness at discovering optimal prompt injection techniques—methods that embed hidden instructions to manipulate model behavior. OpenAI says the AI red-teamer surpasses human testers at identifying what attacks will work most effectively in specific contexts.
Quwwaa is your AI news butler — a personalized brief and assistant for the stories you care about.
See more on Quwwaa — create a free account