{"id":11622,"date":"2026-07-11T01:45:37","date_gmt":"2026-07-11T01:45:37","guid":{"rendered":"https:\/\/www.fintechpulse8.com\/?p=11622"},"modified":"2026-07-11T01:45:37","modified_gmt":"2026-07-11T01:45:37","slug":"jailbreaks-to-openais-gpt-5-6-unlock-dangerous-cyber-capabilities-u-k-agency-finds","status":"publish","type":"post","link":"https:\/\/www.fintechpulse8.com\/?p=11622","title":{"rendered":"Jailbreaks to OpenAI&#8217;s GPT-5.6 unlock dangerous cyber capabilities, U.K. agency finds"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/fortune.com\/img-assets\/wp-content\/uploads\/2026\/07\/GettyImages-2281424316-e1783715571937.jpg?w=2048\" \/><\/p>\n<p>OpenAI latest AI model, GPT-5.6 Sol, likely has security vulnerabilities similar to one that led the Trump administration to impose export controls on Anthropic\u2019s Fable 5 model, according to findings from U.K. government agency.<\/p>\n<div>\n<p class=\"wp-block-paragraph\">OpenAI markets its latest model, GPT-5.6 Sol, as its most secure to date, but the British government researchers who tested it prior to release say the model\u2019s guardrails are susceptible to jailbreaks that can unlock dangerous cyber capabilities.<\/p>\n<p>The agency, the U.K. AI Security Institute (AISI), \u201cidentified universal jailbreaks in the cyber domain, including jailbreaks that allowed for long-form agentic task completion in domains like vulnerability discovery and exploit development,\u201d according to a summary of its findings contained in a technical report OpenAI published Thursday.<\/p>\n<p class=\"wp-block-paragraph\">In other words, it was possible to trick GPT-5.6 into ignoring controls meant to prevent it from engaging in cyber attacks. Once those guardrails were breached, users could get the model to find software vulnerabilities and autonomously hack into systems.<\/p>\n<p>The agency said the jailbreaks were relatively easy to discover and were \u201cwere often developed within hours,\u201d although OpenAI granted UK AISI researchers privileged access to the system\u2019s inner workings that likely sped up this timeline, and would not be easily replicated by a normal user.<strong> <\/strong>OpenAI said it had worked to \u201creproduce and mitigate the specific jailbreaks reported by UK AISI.\u201d<\/p>\n<p class=\"wp-block-paragraph\">OpenAI did not specify what the mitigations are and it is unclear how robust they may be. The report cautioned that despite OpenAI\u2019s mitigations, AISI \u201cexpects further red teaming to surface similar jailbreaks.\u201d OpenAI said it would continue to work with AISI on safeguards and additional testing of the AI model.<\/p>\n<p>In response to questions about the AISI\u2019s finding, OpenAI pointed to the launch blog for GPT-5.6 in which the company acknowledged \u201cthere is no such thing as perfect security\u201d and that \u201cnew weaknesses will be discovered, as will new jailbreaks that circumvent existing safeguards.\u201d It said it took a \u201clayered\u201d approach to safeguards that included continuous monitoring of its models\u2019 responses and a \u201crapid remediation\u201d process for any jailbreaks that are discovered.<\/p>\n<p>Margaret Cunninghamn, vice president of security and AI strategy at cybersecurity company DarkTrace, who also holds a position as a \u201cspecialist collaborator\u201d with <strong><strong>t<\/strong><\/strong>he National Institute of Standards and Technology (NIST) within the US Department of Commerce, said the AISI\u2019s jailbreak findings should not be treated \u201cas either catastrophic or irrelevant.\u201d <\/p>\n<p class=\"wp-block-paragraph\">\u201cMy concern is less that one model was jailbroken and more that offensive discovery is speeding up while defense still depends on very human processes: figuring out what matters, what can be patched, and what has to be contained,\u201d she said.<\/p>\n<p class=\"wp-block-paragraph\"><strong>\u201cPatching what AISI found is necessary, but it unfortunately only closes those specific attack instances, not the category as a whole,\u201d said Dr. Stanislav Fort, the Founder and CTO at AISLE, an AI cybersecurity company<\/strong>, <strong>who previously worked at Anthropic and Google DeepMind.<\/strong> <\/p>\n<p class=\"wp-block-paragraph\">The AISI findings were contained in a technical report, known as a system card, that OpenAI published in conjunction with the public rollout of GPT-5.6 on Thursday. The AISI is a British government organization that conducts safety evaluations of frontier AI models. The leading AI labs voluntarily committed to allow this testing at the AI Safety Summit at Bletchley Park, England, in 2023.<\/p>\n<p>From the description provided in the system card, the GPT-5.6 jailbreaks appear similar to one that researchers at Amazon found in the guardrails of Anthropic\u2019s Fable 5 AI model days after it was released on June 9. That jailbreak also unlocked cyber capabilities\u2014such as the ability to find software vulnerabilities\u2014that were supposed to gated off from average users. The jailbreak prompted the U.S. government to impose export controls on Fable 5 and Mythos 5, the underlying AI model on which Fable was based, on June 12. That in turn forced Anthropic to disable the models for all users, since it lacked a way to verify users\u2019 nationalities and also because the export ban also applied to Anthropic\u2019s own non-American staff.<\/p>\n<p>Anthropic said at the time the specific jailbreak Amazon had discovered was a narrow one, that unlocked only the model\u2019s ability to find software flaws, not necessarily to exploit them. \u201cNo testers have yet been able to find a\u00a0<em>universal jailbreak<\/em>\u2014a jailbreak method that can very broadly bypass the model\u2019s safeguards, unblocking a wide range of cyber capabilities,\u201d Anthropic said in a blog post.<\/p>\n<p>After two weeks of negotiation with Anthropic, the Trump administration lifted export controls on Fable 5 on July 1, clearing the way for the company to redeploy the AI model. The two also announced they were working to develop a shared framework for assessing the severity of guardrail jailbreaks in conjunction with other tech companies. OpenAI was not part of the initial set of companies named in that effort.<\/p>\n<p>The jailbreak that AISI discovered in GPT-5.6 are potentially more severe than what Amazon discovered with Fable. AISI characterized the jailbreaks as \u201cuniversal\u201d and said they unlocked the ability to conduct autonomous exploits, not just identify vulnerabilities in software.<\/p>\n<p>It\u2019s unclear if GPT-5.6 jailbreaks would be easy to find outside of a research environment. OpenAI granted UK AISI exclusive access to tools \u201cthat would not be accessible to real-world attackers,\u201d UK AISI says. This includes things like \u201caccess to chain-of-thought of the safety reasoning monitor, exact policy wording, and real-time feedback on classifier labels.\u201d<\/p>\n<p class=\"wp-block-paragraph\">However, Xander Davies, who leads \u201cthe red team\u201d at AISI whose work it is to test model guardrails, said in a post on X that he believed the jailbreaks his team discovered \u201care still findable without this access, just slower. Exactly how much slower is unclear and an open question!\u201d<\/p>\n<p>OpenAI said that it had conducted extensive automated \u201cblack-box red teaming\u201d\u2014where another AI model was used to try to find prompts that would break GPT-5.6\u2019s guardrails, with a level of access that mirrors what an average user has\u2014as well as testing with outside security experts prior to the model\u2019s release.<\/p>\n<p class=\"wp-block-paragraph\">So far, there\u2019s no sign of the Trump administration imposing export controls on GPT-5.6 despite the jailbreaks AISI discovered. The White House did not immediately respond to requests to comment for this story on the AISI findings.<\/p>\n<p>Davies posted the portion of the GPT-5.6 System Card that discussed the jailbreaks his team had discovered to social platform X. It is unclear exactly what his motivation was for doing so and whether he was simply trying to draw attention to his team\u2019s work or if was hoping to highlight differences in how the U.S. government was treating GPT-5.6 compared to Fable. Davies referred questions to an AISI spokesperson at the U.K. Department for Science, Innovation, and Technology, the ministry in which AISI is housed. The spokesperson said that as a matter of policy, AISI \u201cdoes not comment on individual release decisions by AI companies.\u201d<\/p>\n<p>Some in the AI safety and policy community did point out the apparent double standard. Lennart Heim, an AI policy researcher, reposted Davies\u2019 post with the quip \u201cgood thing amazon didn\u2019t report this one to the white house, \u201d a reference to the way the Trump administration learned about the Fable jailbreak.<\/p>\n<p>And one former AI policy advisor working outside the U.S. government told <em>Fortune <\/em>\u201cwhat we are seeing recently creates uncertainty that is damaging in the least and potentially raises the question of whether, intentional or not, the U.S. is applying an inconsistent standard to different AI labs.\u201d<\/p>\n<p>Microsoft President Brad Smith told <em>Fortune\u2019s <\/em>Beatrice Nolan on the sidelines of the United Nations\u2019 AI for Good summit that a lack of transparency and clear rules in U.S. AI policy around AI model releases was creating confusion for businesses and making planning difficult.<\/p>\n<p>GPT-5.6 has cyber capabilities that are close to those of Anthropic\u2019s Mythos, the AI model on which Fable was built. (Fable was essentially Mythos with additional guardrails to prevent users from accessing some of Mythos\u2019 more risky cyber, biological, and chemical capabilities.) According to the GPT-5.6 System Card, the model was able to autonomously complete one of the two \u201ccyber ranges\u201d\u2014simulated network environments used to test hacking skills\u2014on which AISI evaluates AI models. Mythos was the first model to successfully complete both ranges. <\/p>\n<p>Despite this, there are already some key differences in how the Trump administration has treated GPT-5.6 compared to Mythos and Fable. On June 25, OpenAI said the government had asked it to stagger the release of GPT-5.6, initially only giving the model to select trusted partners, with each customer subject to government approval.<\/p>\n<p class=\"wp-block-paragraph\">\u201cWe don\u2019t believe this kind of government access process should become the long-term default,\u201d OpenAI said in a blog post at the time. \u201cWe are taking this short-term step because we believe it is the strongest path to broader availability in the coming weeks, while we work with the Administration to develop the cyber Executive Order framework and a repeatable process for future model releases.\u201d<\/p>\n<p class=\"wp-block-paragraph\">The White House cleared GPT-5.6 for launch on July 8, a day ahead of its July 9 public debut, according to Axios, although an official later denied doing so to CNBC, saying \u201cno such permission is required or granted\u201d and that model release timelines \u201c\u201crest entirely with the [AI] companies.\u201d<\/p>\n<p class=\"wp-block-paragraph\">Researchers who specialize in AI security have found that almost any AI model\u2019s guardrails can be broken if an attacker has access to the models\u2019 weights, or the internal settings of its neural network. Even without this, most model guardrails can be broken if an attacker has enough time and can make unlimited attempts. Currently, there is no method for creating ironclad guardrails, and so most AI companies rely on a variety of methods to prevent users from prompting models to engage in risky actions. These include protecting the model with classifiers\u2014smaller models that filter and block suspicious prompts so they never reach the primary model.<\/p>\n<p class=\"wp-block-paragraph\">\u201cEvery deployed model right now almost certainly has undiscovered jailbreaks, so this is sadly true of everything, not just GPT-5.6,\u201d Stanislav Fort, chief scientist at AI cybersecurity startup AISLE and a former researcher at both Anthropic and Google DeepMind, said.<\/p>\n<p>He said that patching the jailbreaks AISI found, while necessary, \u201cunfortunately only closes those specific attack instances, not the category as a whole. The model will very likely still carry many yet-to-be-discovered jailbreaks even after patching. AISI\u2019s expectation to find more is in my view the correct security posture.\u201d<\/p>\n<\/div>\n<p>#Jailbreaks #OpenAIs #GPT5.6 #unlock #dangerous #cyber #capabilities #U.K #agency #finds<\/p>\n","protected":false},"excerpt":{"rendered":"<p>OpenAI latest AI model, GPT-5.6 Sol, likely has security vulnerabilities similar to one that led the Trump administration to impose export controls on Anthropic\u2019s Fable 5 model, according to findings&hellip; <\/p>\n","protected":false},"author":1,"featured_media":11623,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[1176,9106,337,5288,665,3189,13115,3956,13114,563,735,5914,3392,3063,9797,1212],"class_list":["post-11622","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-finance-news","tag-agency","tag-capabilities","tag-cyber","tag-dangerous","tag-donald-trump","tag-finds","tag-gpt5-6","tag-hacking","tag-jailbreaks","tag-machine-learning","tag-openai","tag-openais","tag-tech-regulation","tag-u-k","tag-u-s-government","tag-unlock"],"_links":{"self":[{"href":"https:\/\/www.fintechpulse8.com\/index.php?rest_route=\/wp\/v2\/posts\/11622","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.fintechpulse8.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fintechpulse8.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fintechpulse8.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fintechpulse8.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11622"}],"version-history":[{"count":0,"href":"https:\/\/www.fintechpulse8.com\/index.php?rest_route=\/wp\/v2\/posts\/11622\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.fintechpulse8.com\/index.php?rest_route=\/wp\/v2\/media\/11623"}],"wp:attachment":[{"href":"https:\/\/www.fintechpulse8.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11622"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fintechpulse8.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11622"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fintechpulse8.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11622"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}