U.K. AI Security Institute finds universal jailbreaks in OpenAI's GPT-5.6 within hours

UK researchers expose universal jailbreaks in OpenAI's GPT-5.6, enabling autonomous hacking within hours, raising double standard concerns.

Jul 11, 2026
5 min read
Technobezz
U.K. AI Security Institute finds universal jailbreaks in OpenAI's GPT-5.6 within hours

Don't Miss the Good Stuff

Get tech news that matters delivered weekly. Join 50,000+ readers.

British researchers found universal jailbreaks in OpenAI's GPT-5.6 Sol within hours, unlocking the model's ability to autonomously discover software vulnerabilities and hack into systems, according to findings published Thursday in a technical report.

The U.K. AI Security Institute (AISI) identified jailbreaks that allowed "long-form agentic task completion in domains like vulnerability discovery and exploit development," per the system card OpenAI released alongside GPT-5.6's public rollout. The agency characterized the breaches as "universal" -- a designation that goes beyond the narrow jailbreak Amazon researchers found in Anthropic's Fable 5 model last month.

OpenAI markets GPT-5.6 as its most secure model yet. The company said it worked to "reproduce and mitigate the specific jailbreaks reported by UK AISI," though it did not specify what those mitigations are.

AISI cautioned it "expects further red teaming to surface similar jailbreaks." The jailbreaks appear at least as severe as the vulnerability that triggered U.S. export controls on Anthropic's Fable 5 on June 12, forcing Anthropic to disable the model for all users.

The Trump administration lifted those controls on July 1 after two weeks of negotiations. But so far, no similar action has been taken against GPT-5.6, despite AISI's findings -- a discrepancy that AI policy researchers have flagged as an apparent double standard.

OpenAI granted AISI researchers privileged access to the system's inner workings, including "access to chain-of-thought of the safety reasoning monitor, exact policy wording, and real-time feedback on classifier labels" -- tools unavailable to real-world attackers. Xander Davies, who leads AISI's red team, said in a post on X that he believes the jailbreaks "are still findable without this access, just slower."

OpenAI acknowledged in its launch blog that "there is no such thing as perfect security" and that "new weaknesses will be discovered, as will new jailbreaks that circumvent existing safeguards." The company said it takes a layered approach with continuous monitoring and rapid remediation.

Separately, OpenAI announced July 9 that it doubled the top reward in its Bio Bounty program from $25,000 to $50,000 for researchers who can develop a universal jailbreak against GPT-5.6's biological safety controls. The program originally launched April 23 for GPT-5.5, which will drop out of scope on July 27.

Stanislav Fort, chief scientist at AI cybersecurity startup AISLE and a former researcher at Anthropic and Google DeepMind, said patching the specific jailbreaks AISI found "unfortunately only closes those specific attack instances, not the category as a whole. The model will very likely still carry many yet-to-be-discovered jailbreaks even after patching."

GPT-5.6's cyber capabilities are close to those of Anthropic's Mythos, the model that powered Fable 5.6 autonomously completed one of two cyber ranges used by AISI to evaluate AI models.

Mythos was the first to complete both.

Share