{"slug": "openai-unveils-gpt-red-to-boost-ai-safety-with-internal-red-teaming", "title": "OpenAI unveils GPT-Red to boost AI safety with internal red-teaming", "summary": "OpenAI unveiled GPT-Red, an internal automated safety red-teaming model that uses self-play reinforcement learning to find vulnerabilities in AI systems. In tests, GPT-Red successfully attacked GPT-5.1 in 84% of cases, compared to 13% for human red-teamers, and its findings have been used to train production models since GPT-5.3, reducing failure rates on prompt-injection benchmarks by sixfold. The model will remain separate from public releases due to its deliberately trained malicious capabilities.", "body_md": "OpenAI has unveiled GPT‑Red, its strongest automated safety red-teaming model, built to discover vulnerabilities in AI systems before deployment. The internal-only model targets prompt injections, including malicious instructions hidden inside emails, webpages, local files, code repositories, and tool outputs.\n\nGPT‑Red learns through self-play reinforcement learning. It attacks a group of defender models across realistic scenarios while both sides are trained simultaneously. GPT‑Red receives rewards for causing valid failures, while defenders are rewarded for resisting attacks and completing the original task. As defenders grow more robust, GPT‑Red must develop stronger and more diverse attack methods.\n\nOpenAI trained the system using compute comparable to some of its largest post-training runs. In tests involving previously unseen scenarios, GPT‑Red successfully attacked GPT‑5.1 in 84% of cases, compared with 13% for human red-teamers. It could also break nearly every tested OpenAI model through GPT‑5.5.\n\nThe model demonstrated attacks against real agentic systems. It manipulated an AI-operated vending machine to reduce product prices to $0.50, order an item worth more than $100 at that price, and cancel another customer’s order. In separate tests, it caused a Codex CLI agent powered by GPT‑5.4 mini to exfiltrate sensitive data across a custom set of scenarios.\n\nOpenAI has incorporated attacks generated by GPT‑Red into the training of production models since GPT‑5.3. GPT‑5.6 Sol recorded six times fewer failures on the company’s hardest direct prompt-injection benchmark than its leading production model from four months earlier. Its failure rate against GPT‑Red’s direct prompt injections fell to 0.05%.\n\nAn earlier GPT‑Red version also discovered “Fake Chain-of-Thought” attacks, which succeeded more than 95% of the time against GPT‑5.1. That rate dropped below 10% with GPT‑5.6 Sol. OpenAI reports that these robustness gains did not reduce general model capabilities or cause broader refusal behavior.\n\nGPT‑Red will remain separate from public production models because it was deliberately trained with malicious capabilities. It is not being released to ChatGPT users or API developers. OpenAI plans to continue scaling the system alongside human and third-party red-teaming, layered safeguards, and real-time monitoring, using attacks found by current models to train more robust future GPT releases.", "url": "https://wpnews.pro/news/openai-unveils-gpt-red-to-boost-ai-safety-with-internal-red-teaming", "canonical_source": "https://www.testingcatalog.com/openai-unveils-gpt-red-to-boost-ai-safety-with-internal-red-teaming/", "published_at": "2026-07-17 21:39:50+00:00", "updated_at": "2026-07-17 21:51:10.830001+00:00", "lang": "en", "topics": ["ai-safety", "artificial-intelligence", "large-language-models", "ai-research"], "entities": ["OpenAI", "GPT-Red", "GPT-5.1", "GPT-5.5", "GPT-5.6 Sol", "Codex CLI"], "alternates": {"html": "https://wpnews.pro/news/openai-unveils-gpt-red-to-boost-ai-safety-with-internal-red-teaming", "markdown": "https://wpnews.pro/news/openai-unveils-gpt-red-to-boost-ai-safety-with-internal-red-teaming.md", "text": "https://wpnews.pro/news/openai-unveils-gpt-red-to-boost-ai-safety-with-internal-red-teaming.txt", "jsonld": "https://wpnews.pro/news/openai-unveils-gpt-red-to-boost-ai-safety-with-internal-red-teaming.jsonld"}}