Business

OpenAI’s GPT-5.6 Release Exposes Regulatory Rift as U.K. Researchers Breach Cyber Guardrails

U.K. researchers identify 'universal jailbreaks' in OpenAI’s latest model, sparking regulatory debate.

Mark Thompson works as part of the editorial team at Nile1, contributing to the preparation and editing of news content in accordance with the website’s editorial policy and based on verified sources and internal editorial review prior to publication. The published content reflects the editorial stance of the website and does not necessarily represent a personal opinion.

The U.K. AI Security Institute (AISI) has identified “universal jailbreaks” within OpenAI’s latest model, GPT-5.6 Sol, revealing that the system can be manipulated to perform autonomous cyberattacks despite marketed safeguards. The findings, disclosed in a technical report published Thursday, indicate that researchers were able to bypass guardrails to achieve long-form agentic task completion in high-risk areas such as vulnerability discovery and exploit development.

The discovery places fresh scrutiny on the Trump administration’s regulatory consistency. In June, similar vulnerabilities found in Anthropic’s Fable 5 model triggered immediate federal export controls, effectively grounding the model for weeks. While OpenAI’s GPT-5.6 Sol exhibits comparable—and potentially more severe—weaknesses, it has so far avoided similar punitive measures.

Established following the 2023 AI Safety Summit at Bletchley Park, the AISI is tasked with evaluating frontier models before and during their public rollout. According to the GPT-5.6 system card, the jailbreaks were often developed within hours, though researchers utilized privileged access to the model’s safety reasoning monitor and internal policy wording.

Xander Davies, who leads the red teaming efforts at AISI, noted on social media that while their testing utilized privileged access, the vulnerabilities are likely still findable for external actors, albeit at a slower pace. OpenAI stated it has worked to reproduce and mitigate the specific jailbreaks reported by the U.K. agency, though it acknowledged that “new weaknesses will be discovered” as part of its layered security approach.

The technical disparity between the models is narrow. GPT-5.6 Sol reportedly completed one of two “cyber ranges” used by AISI to test hacking proficiency. Anthropic’s Mythos model, the precursor to Fable 5, remains the only system to have successfully completed both. Despite these cyber capabilities, the regulatory response has differed significantly between the two leading AI labs.

Industry experts suggest the current lack of a unified framework for model releases is creating a volatile environment for developers. Margaret Cunningham, vice president of security and AI strategy at DarkTrace, warned that offensive discovery is currently outstripping human-led defense processes. She noted that the AISI findings should not be viewed as catastrophic, but rather as a signal that defense must evolve beyond human-dependent patching.

The U.S. government’s handling of the release has been marked by conflicting signals. While OpenAI confirmed it staggered the release of GPT-5.6 at the request of federal officials, a subsequent report from Axios suggested the White House cleared the launch on July 8. This was later contradicted by an official statement to CNBC claiming the government does not grant release permissions.

Lennart Heim, an AI policy researcher, characterized the situation as a potential double standard, noting the aggressive federal response to the Fable 5 jailbreak compared to the relative silence surrounding GPT-5.6. This inconsistency has raised questions among former policy advisors regarding whether the U.S. is applying different standards to different laboratories.

Stanislav Fort, CTO at AISLE and a former researcher at Google DeepMind, argued that patching individual jailbreaks is a temporary fix. He noted that the model will likely carry undiscovered vulnerabilities even after initial mitigations, as current AI architecture lacks a method for ironclad guardrails. OpenAI continues to utilize black-box red teaming and automated classifiers to filter suspicious prompts, but the AISI expects further testing to surface similar breaches.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button