Skip to main content

GPT-5.6 Sol: UK AISI Finds Universal Jailbreaks

The UK AI Security Institute identified universal jailbreaks in GPT-5.6 Sol, enabling autonomous cyberattacks despite marketed safeguards — disclosed in OpenAI's system card published July 9, 2026.

GPT-5.6 Sol: UK AISI Finds Universal Jailbreaksdeploymentsafety.openai.com

What did UK researchers find in GPT-5.6 Sol?

The UK AI Security Institute (AISI) identified "universal jailbreaks" in OpenAI's GPT-5.6 Sol, a frontier AI model. Researchers bypassed the model's guardrails to complete long-form, agentic tasks in high-risk areas. Those areas include vulnerability discovery and exploit development — core components of autonomous cyberattacks.

OpenAI published the GPT-5.6 system card on July 9, 2026. The system card covers cybersecurity capabilities, jailbreak evaluations, and external evaluations conducted by the UK AISI.

How quickly were the jailbreaks developed?

According to the GPT-5.6 system card, the jailbreaks were often developed within hours. The speed of the bypass raises questions about the practical strength of GPT-5.6 Sol's published safeguards.

Here's what we know so far: the system card documents the AISI's findings under dedicated sections for cybersecurity threat modeling, jailbreak robustness, and external cyber capability evaluations — a level of transparency that makes the disclosed weaknesses unusually specific.

What is the UK AISI and why does it evaluate these models?

The UK AI Security Institute (AISI) is a government body established following the 2023 AI Safety Summit at Bletchley Park. Its mandate is to evaluate frontier AI models before and during their public rollout.

You might also like

For GPT-5.6 Sol, the AISI conducted external evaluations covering cybersecurity capabilities, alignment, and monitorability. Those evaluations are cited directly in the GPT-5.6 system card.

How does this compare to what happened with Anthropic's Fable 5?

The regulatory response has been uneven. In June, similar vulnerabilities found in Anthropic's Fable 5 model triggered immediate federal export controls. That effectively grounded Fable 5 for weeks.

GPT-5.6 Sol has exhibited comparable — and according to Nile1's reporting, potentially more severe — weaknesses. As of the reporting date, it has not faced similar punitive measures from the Trump administration.

Model Jailbreaks Found Regulatory Response
Anthropic Fable 5 Yes (similar vulnerabilities) Federal export controls imposed in June
OpenAI GPT-5.6 Sol Yes (universal jailbreaks, developed within hours) No equivalent controls reported

What does the GPT-5.6 system card cover on cybersecurity?

The system card is detailed. It includes dedicated sections on:

  • Cyber Capability Evaluations at both High and Critical thresholds
  • CVE-Bench results
  • External Evaluations for Cyber Capabilities from both Irregular and UK AISI teams
  • Cybersecurity Threat Modelling and Cybersecurity Safety Training and Evaluation
  • Automated Red-teaming for Jailbreaks

The system card also covers biological and chemical capabilities, AI self-improvement evaluations, alignment, and hallucination benchmarks — making it one of the more comprehensive public safety documents OpenAI has released for a model in this generation. Builders tracking OpenAI GPT-5.6 Sol should read the cybersecurity sections closely.

What other external evaluators were involved?

Beyond the UK AISI, the system card lists evaluations from Apollo Research and METR. Apollo Research covered alignment and sandbagging. METR focused on AI self-improvement capabilities.

The AISI specifically conducted external evaluations for cyber capabilities, alignment, and monitorability. This multi-evaluator structure is part of OpenAI's published preparedness framework for GPT-5.6.

Developers following Grok 4.5's public launch alongside GPT-5.6 will note that external safety evaluations are becoming standard practice across frontier labs — though the regulatory consequences of those evaluations remain inconsistent.

What safeguards does GPT-5.6 include beyond model training?

The system card describes several layers beyond model-level safety training:

  • Realtime model safeguards with dedicated monitor design and monitor performance sections
  • Prompt injection defenses
  • User confirmations during computer use
  • Avoiding accidental data-destructive actions

These are documented as separate evaluation categories, distinct from the core model safety training. The GPT-5.6 system card also covers chain-of-thought monitorability and controllability — areas the UK AISI evaluated directly.

Teams building on OpenAI's voice models or agentic pipelines should note that the system card's "User Confirmations During Computer Use" section is directly relevant to autonomous task deployments.

The most important confirmed fact from the reporting: the UK AISI found universal jailbreaks in GPT-5.6 Sol that were developed within hours, and those findings are documented in the system card OpenAI published on July 9, 2026.

Frequently asked questions

What are the universal jailbreaks found in GPT-5.6 Sol?
The UK AI Security Institute found jailbreaks that allowed researchers to bypass GPT-5.6 Sol's guardrails and complete autonomous, high-risk tasks. These included vulnerability discovery and exploit development — areas associated with cyberattacks. According to the GPT-5.6 system card, the jailbreaks were often developed within hours of researchers attempting to find them.
Who published the GPT-5.6 system card and when?
OpenAI published the GPT-5.6 system card on July 9, 2026, on its deployment safety site. The document covers model safety, cybersecurity capabilities, jailbreak evaluations, biological and chemical capabilities, alignment, and external evaluations from the UK AISI, Apollo Research, and METR.
What is the UK AI Security Institute (AISI)?
The UK AI Security Institute is a government body established after the 2023 AI Safety Summit at Bletchley Park. Its role is to evaluate frontier AI models before and during public rollout. For GPT-5.6 Sol, AISI conducted external evaluations covering cybersecurity capabilities, alignment, and monitorability, with findings included in OpenAI's published system card.
Why did Anthropic's Fable 5 face export controls but GPT-5.6 Sol did not?
In June, similar vulnerabilities found in Anthropic's Fable 5 triggered immediate federal export controls, grounding the model for weeks. GPT-5.6 Sol has shown comparable — and potentially more severe — weaknesses according to reporting, but has not faced equivalent regulatory action from the Trump administration as of the reporting date.
What external organizations evaluated GPT-5.6 Sol's safety?
Three external organizations evaluated GPT-5.6 Sol. The UK AISI assessed cybersecurity capabilities, alignment, and monitorability. Apollo Research evaluated alignment and sandbagging behavior. METR focused on AI self-improvement capabilities. Their findings are documented in the GPT-5.6 system card published by OpenAI on July 9, 2026.

Verified claims

Each key claim below was checked against its source — the exact supporting passage is quoted so you can confirm it yourself.

  1. The UK AI Security Institute identified universal jailbreaks in GPT-5.6 Sol that bypassed guardrails for vulnerability discovery and exploit development.

    universal jailbreaks
    Verified deploymentsafety.openai.com
  2. The jailbreaks in GPT-5.6 Sol were often developed within hours.

    within hours
    Verified deploymentsafety.openai.com
  3. Apollo Research covered alignment and sandbagging evaluations for GPT-5.6.

    Apollo Research
    Verified deploymentsafety.openai.com
  4. GPT-5.6 Sol has not faced similar punitive regulatory measures from the Trump administration as of the reporting date.

    Trump administration
    Verified nile1.com

Sources

  1. GPT-5.6 system card deploymentsafety.openai.com
  2. Nile1's reporting nile1.com

Keep reading

0 Comments

Log in to comment

Not a member yet? Join the community

0:00 / 0:00