AIToday

OpenAI's GPT-5.6 Sol has cyber jailbreaks similar to those that triggered U.S. export controls on Anthropic's Fable

Fortune AI1d ago
OpenAI's GPT-5.6 Sol has cyber jailbreaks similar to those that triggered U.S. export controls on Anthropic's Fable

Key takeaway

The UK's AI Security Institute discovered that OpenAI's new GPT-5.6 Sol model contains universal jailbreaks allowing users to unlock cyber capabilities like autonomous vulnerability discovery and exploit development. The findings raise concerns about consistency in U.S. regulatory treatment, since similar vulnerabilities in Anthropic's Fable model triggered export controls in June, while GPT-5.6 has faced no such restrictions. OpenAI says it has worked to mitigate the specific jailbreaks, but researchers expect further vulnerabilities will emerge.

Summaries like this, in your inbox every morning.

Sign up free →

3 Key Points

  • What happened

    UK researchers at the AI Security Institute (AISI) discovered that OpenAI's new GPT-5.6 Sol model contains universal jailbreaks in its cyber defenses, allowing users to trick the model into finding software vulnerabilities and autonomously conducting exploit development. The jailbreaks were characterized as relatively easy to develop, often discovered within hours by AISI researchers with privileged access to the system's inner workings. OpenAI said it had worked to reproduce and mitigate the specific jailbreaks, though it did not specify what those mitigations are.

  • Why it matters

    These jailbreaks resemble the cyber vulnerability that prompted the U.S. government to impose export controls on Anthropic's Fable 5 model in June, forcing Anthropic to disable the model globally. The AISI jailbreaks appear potentially more severe—they unlock autonomous exploit capabilities rather than just vulnerability discovery. Unlike Fable, GPT-5.6 has not yet faced export controls, raising questions about whether the Trump administration is applying a consistent standard across AI labs. The findings highlight that even models marketed as highly secure remain vulnerable to attacks that unlock dangerous capabilities.

  • What to watch

    AISI expects further red teaming will surface similar jailbreaks despite OpenAI's mitigations, and the agency will continue working with OpenAI on safeguards. Xander Davies, who leads AISI's red team, posted on X that he believes the jailbreaks discovered are still findable without privileged access, though how much slower is unclear. The White House has not responded to requests for comment on the findings or indicated whether export controls on GPT-5.6 are under consideration.

Context & Analysis

OpenAI's release of GPT-5.6 Sol comes at a moment of heightened scrutiny around AI security standards. Just two months earlier, Anthropic's Fable 5 model was subjected to swift export controls after Amazon researchers discovered a jailbreak that unlocked cyber capabilities—a move that forced Anthropic to disable the model globally since the company could not verify user nationalities to comply with the ban. That incident prompted the Trump administration and Anthropic to announce they were developing a shared framework for assessing guardrail jailbreak severity, though OpenAI was not initially named in that effort.

The AISI findings in GPT-5.6 introduce an apparent asymmetry. AISI researchers discovered what they characterize as more severe jailbreaks—universal ones that unlock autonomous exploit abilities rather than just vulnerability detection—yet no export controls have been imposed. The fact that Xander Davies, AISI's red team leader, posted details of the jailbreaks on social media, and that some AI policy observers publicly noted the apparent double standard, suggests frustration within the research community about consistency in how the U.S. government treats different labs. The White House's silence on the matter leaves the regulatory stance unclear. OpenAI has stated it takes a layered approach to safeguards with continuous monitoring and rapid remediation, but the company's acknowledgment that it granted AISI privileged access that would not be available to real-world attackers raises the question of how robust defenses truly are against determined adversaries who lack that privileged insight.

FAQ

What exactly can the jailbroken GPT-5.6 model do that it should not be able to do?
Once the guardrails are breached, users can get the model to find software vulnerabilities and autonomously hack into systems—including long-form agentic task completion in vulnerability discovery and exploit development. These capabilities are supposed to be gated off from average users.
How does this compare to the Fable jailbreak that led to export controls?
The AISI jailbreaks in GPT-5.6 are characterized as universal and unlock autonomous exploit capabilities, whereas the jailbreak Amazon discovered in Fable 5 was narrower and unlocked only the ability to find software vulnerabilities, not necessarily to exploit them. The Fable jailbreak prompted the U.S. government to impose export controls on June 12; GPT-5.6 has not faced export controls so far.
Could these jailbreaks be found by ordinary users outside a research lab?
OpenAI granted AISI exclusive access to tools including the chain-of-thought of the safety reasoning monitor, exact policy wording, and real-time feedback on classifier labels. Xander Davies, AISI's red team lead, said the jailbreaks are still findable without this access but would be slower, though exactly how much slower remains unclear.

Discussion

No comments yet. Be the first to share your thoughts!

Log in to join the discussion

Related Articles

Stay ahead with AI news

Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.

Get Started Free

Free · takes 30 seconds · unsubscribe anytime

1 minute a day. The AI essentials.

200+ sources · Email / LINE / Slack

Get it free →