OpenAI introduced GPT-Red, an automated AI system designed to identify security vulnerabilities in language models, and announced on Wednesday that the tool helped strengthen GPT-5.6 against prompt injection attacks before deployment. The system was developed to address the scaling bottleneck in AI safety red-teaming as model capabilities grow. GPT-Red represents OpenAI's effort to automate security testing that complements its existing OpenAI Red Teaming Network launched in 2023, using AI models to generate adversarial attacks at a scale difficult for human researchers alone.
GPT-Red takes its name from cybersecurity red teaming, the practice of deliberately attempting to break a system to identify weaknesses before attackers can exploit them. The company stated that attacks discovered by GPT-Red were incorporated into GPT-5.6's training process. OpenAI wrote on X that red-teaming is essential but today's approaches are difficult to scale, creating a critical bottleneck that GPT-Red addresses.
OpenAI reported that GPT-Red succeeded in 84% of internal evaluation scenarios, compared with 13% for human red teamers in the same tests. The system reduced failures on one of OpenAI's hardest prompt injection benchmarks during GPT-5.6 training. According to OpenAI, GPT-Red learns through adversarial self-play, where its goal is to prompt inject a variety of challenging defender models, with every successful attack used to improve these defenders.
GPT-Red was trained through self-play reinforcement learning, generating progressively stronger prompt injection attacks while defender models learned to resist them. OpenAI stated that this approach pushes GPT-Red to continuously find broader and more complex failures. The company described the process as a flywheel for safety, where today's models can be used to make tomorrow's models more robust, aligned, and trustworthy.
In one case study, OpenAI said the system manipulated an autonomous vending machine agent into lowering prices, ordering discounted inventory, and canceling another customer's order before the vulnerabilities were disclosed and addressed. This case study illustrates the types of real-world security risks GPT-Red is designed to identify before model deployment.
OpenAI's announcement reflects a broader shift toward using AI to secure AI systems. Earlier this month, the Ethereum Foundation said it had deployed AI agents to red-team critical network infrastructure, uncovering a vulnerability in software used by Ethereum consensus clients. Researchers said AI agents can search larger codebases than humans, but the challenge has shifted from finding potential bugs to proving which ones are exploitable.
OpenAI stated that GPT-Red will remain an internal tool because it contains intentionally developed offensive capabilities. The system is intended to complement human red teamers, third-party testing, and other AI safety measures. GPT-Red follows years of cybersecurity efforts by OpenAI after the public launch of ChatGPT, expanding on the OpenAI Red Teaming Network that recruited outside cybersecurity researchers and domain experts to probe models for security flaws.
What is GPT-Red and what does it do? GPT-Red is an automated AI system introduced by OpenAI designed to find security vulnerabilities in language models through adversarial testing. The system uses self-play reinforcement learning to generate prompt injection attacks and other adversarial tests, with successful attacks incorporated into model training to improve robustness.
How did GPT-Red perform compared to human red teamers? OpenAI reported that GPT-Red succeeded in 84% of internal evaluation scenarios, compared with 13% for human red teamers in the same tests. The system was used to train GPT-5.6 and reduced failures on one of OpenAI's hardest prompt injection benchmarks.
Why will GPT-Red remain an internal tool? OpenAI stated that GPT-Red will remain an internal tool because it contains intentionally developed offensive capabilities. The system is designed to complement human red teamers, third-party testing, and other AI safety measures rather than being released publicly.
Related News
NEAR Protocol Activates Quantum-Resistant Cryptography with ML-DSA-65
Perplexity Launches WANDR Benchmark for AI Research Capabilities
The White House launches the “Hawk” AI online defense program, with reports suggesting that Anthropic may have been involved.
OpenAI releases the GPT-5.6 prompt guide, reducing token usage by over 40%