# GPT-5.6 Sol: UK AISI Finds Universal Jailbreaks

> Source: [https://icharles.com/articles/gpt-56-sol-uk-aisi-jailbreaks](https://icharles.com/articles/gpt-56-sol-uk-aisi-jailbreaks) (canonical)
> Author: iCharles News — iCharles, https://icharles.com
> Published: 2026-07-12

## TL;DR

The UK AI Security Institute (AISI) found "universal jailbreaks" in OpenAI's GPT-5.6 Sol, allowing researchers to bypass the model's safeguards and complete autonomous, high-risk cyberattack tasks including vulnerability discovery and exploit development. OpenAI published the GPT-5.6 system card on July 9, 2026. The jailbreaks were reportedly developed within hours. The findings have drawn attention to regulatory inconsistency: Anthropic's Fable 5 faced federal export controls after similar findings, while GPT-5.6 Sol has not.

## What did UK researchers find in GPT-5.6 Sol?

The UK AI Security Institute (AISI) identified "universal jailbreaks" in OpenAI's GPT-5.6 Sol, a frontier AI model. Researchers bypassed the model's guardrails to complete long-form, agentic tasks in high-risk areas. Those areas include vulnerability discovery and exploit development — core components of autonomous cyberattacks.

OpenAI published the [GPT-5.6 system card](https://deploymentsafety.openai.com/gpt-5-6) on July 9, 2026. The system card covers cybersecurity capabilities, jailbreak evaluations, and external evaluations conducted by the UK AISI.

## How quickly were the jailbreaks developed?

According to the GPT-5.6 system card, the jailbreaks were often developed within hours. The speed of the bypass raises questions about the practical strength of GPT-5.6 Sol's published safeguards.

Here's what we know so far: the system card documents the AISI's findings under dedicated sections for cybersecurity threat modeling, jailbreak robustness, and external cyber capability evaluations — a level of transparency that makes the disclosed weaknesses unusually specific.

## What is the UK AISI and why does it evaluate these models?

The **UK AI Security Institute (AISI)** is a government body established following the 2023 AI Safety Summit at Bletchley Park. Its mandate is to evaluate frontier AI models before and during their public rollout.

For GPT-5.6 Sol, the AISI conducted external evaluations covering cybersecurity capabilities, alignment, and monitorability. Those evaluations are cited directly in the [GPT-5.6 system card](https://deploymentsafety.openai.com/gpt-5-6).

## How does this compare to what happened with Anthropic's Fable 5?

The regulatory response has been uneven. In June, similar vulnerabilities found in Anthropic's Fable 5 model triggered immediate federal export controls. That effectively grounded Fable 5 for weeks.

GPT-5.6 Sol has exhibited comparable — and according to [Nile1's reporting](https://nile1.com/en/2026/07/11/openais-gpt-5-6-release-exposes-regulatory-rift-as-u-k-researchers-breach-cyber-guardrails/), potentially more severe — weaknesses. As of the reporting date, it has not faced similar punitive measures from the Trump administration.

| Model | Jailbreaks Found | Regulatory Response |
|---|---|---|
| Anthropic Fable 5 | Yes (similar vulnerabilities) | Federal export controls imposed in June |
| OpenAI GPT-5.6 Sol | Yes (universal jailbreaks, developed within hours) | No equivalent controls reported |

## What does the GPT-5.6 system card cover on cybersecurity?

The system card is detailed. It includes dedicated sections on:

- **Cyber Capability Evaluations** at both High and Critical thresholds
- **CVE-Bench** results
- **External Evaluations for Cyber Capabilities** from both Irregular and UK AISI teams
- **Cybersecurity Threat Modelling** and **Cybersecurity Safety Training and Evaluation**
- **Automated Red-teaming for Jailbreaks**

The system card also covers biological and chemical capabilities, AI self-improvement evaluations, alignment, and hallucination benchmarks — making it one of the more comprehensive public safety documents OpenAI has released for a model in this generation. Builders tracking [OpenAI GPT-5.6 Sol](/articles/openai-gpt-56-sol-limited-preview) should read the cybersecurity sections closely.

## What other external evaluators were involved?

Beyond the UK AISI, the system card lists evaluations from **Apollo Research** and **METR**. Apollo Research covered alignment and sandbagging. METR focused on AI self-improvement capabilities.

The AISI specifically conducted external evaluations for cyber capabilities, alignment, and monitorability. This multi-evaluator structure is part of OpenAI's published preparedness framework for GPT-5.6.

Developers following [Grok 4.5's public launch](/articles/grok-45-public-launch-gpt-56) alongside GPT-5.6 will note that external safety evaluations are becoming standard practice across frontier labs — though the regulatory consequences of those evaluations remain inconsistent.

## What safeguards does GPT-5.6 include beyond model training?

The system card describes several layers beyond model-level safety training:

- **Realtime model safeguards** with dedicated monitor design and monitor performance sections
- **Prompt injection** defenses
- **User confirmations during computer use**
- **Avoiding accidental data-destructive actions**

These are documented as separate evaluation categories, distinct from the core model safety training. The [GPT-5.6 system card](https://deploymentsafety.openai.com/gpt-5-6) also covers chain-of-thought monitorability and controllability — areas the UK AISI evaluated directly.

Teams building on [OpenAI's voice models](/articles/openai-gpt-live-1-voice-model) or agentic pipelines should note that the system card's "User Confirmations During Computer Use" section is directly relevant to autonomous task deployments.

The most important confirmed fact from the reporting: the UK AISI found universal jailbreaks in GPT-5.6 Sol that were developed within hours, and those findings are documented in the system card OpenAI published on July 9, 2026.

## Frequently asked questions

**What are the universal jailbreaks found in GPT-5.6 Sol?**

The UK AI Security Institute found jailbreaks that allowed researchers to bypass GPT-5.6 Sol's guardrails and complete autonomous, high-risk tasks. These included vulnerability discovery and exploit development — areas associated with cyberattacks. According to the GPT-5.6 system card, the jailbreaks were often developed within hours of researchers attempting to find them.

**Who published the GPT-5.6 system card and when?**

OpenAI published the GPT-5.6 system card on July 9, 2026, on its deployment safety site. The document covers model safety, cybersecurity capabilities, jailbreak evaluations, biological and chemical capabilities, alignment, and external evaluations from the UK AISI, Apollo Research, and METR.

**What is the UK AI Security Institute (AISI)?**

The UK AI Security Institute is a government body established after the 2023 AI Safety Summit at Bletchley Park. Its role is to evaluate frontier AI models before and during public rollout. For GPT-5.6 Sol, AISI conducted external evaluations covering cybersecurity capabilities, alignment, and monitorability, with findings included in OpenAI's published system card.

**Why did Anthropic's Fable 5 face export controls but GPT-5.6 Sol did not?**

In June, similar vulnerabilities found in Anthropic's Fable 5 triggered immediate federal export controls, grounding the model for weeks. GPT-5.6 Sol has shown comparable — and potentially more severe — weaknesses according to reporting, but has not faced equivalent regulatory action from the Trump administration as of the reporting date.

**What external organizations evaluated GPT-5.6 Sol's safety?**

Three external organizations evaluated GPT-5.6 Sol. The UK AISI assessed cybersecurity capabilities, alignment, and monitorability. Apollo Research evaluated alignment and sandbagging behavior. METR focused on AI self-improvement capabilities. Their findings are documented in the GPT-5.6 system card published by OpenAI on July 9, 2026.
