OpenAI Unveils GPT-Red to Protect AI Models Against Prompt Injection Attacks
In Focus
- GPT-Red completes red-teaming tasks automatically
- OpenAI has integrated GPT-Red directly into GPT-5.6’s training process
- GPT-Red delivers 6x less direct prompt injection failures than GPT-5.5
OpenAI has unveiled a cybersecurity-focused AI model called GPT-Red. As AI systems become major targets of cyber attacks, OpenAI is using GPT-Red to protect GPT-5.6 against prompt-injection attacks.
According to the AI developer, GPT-Red delivered a sixfold reduction in direct prompt injection failures compared with GPT-5.5. Last year, OpenAI started using an automated AI-based attacker to reduce vulnerabilities in its AI browser, ChatGPT Atlas.
What is OpenAI’s GPT-Red?
GPT-Red is an internal AI system that automates threat identification by testing models for prompt injection vulnerabilities on a large scale. OpenAI said it has integrated GPT-Red directly into GPT-5.6’s training process. The company said GPT-Red is its most resilient model for addressing this type of AI security threat.
“GPT‑Red is a strong red-teamer, and our previous models are highly vulnerable to its prompt injection attacks. We use GPT‑Red to adversarially train GPT‑5.6, making it much more robust to prompt injections,” OpenAI said in a statement.
The AI company said it has isolated GPT-Red from its other models to ensure the offensive capabilities developed for security testing are not exposed to bad actors who might attempt to bypass AI safety protections.
How Does GPT-Red Work?
GPT-Red is designed to complete red-teaming tasks automatically. Red teaming refers to the deliberate testing of software to uncover vulnerabilities. This task is often performed manually by human security teams.
Like a human security red-teamer, GPT-Red tests AI models by generating prompts, analyzing their responses, and refining attack methods to uncover vulnerabilities. The system helps identify potential risks, such as attempts to manipulate models into revealing sensitive data or performing unintended actions.
OpenAI’s AI hacking tool comes at a time when prompt injection attacks continue to pose a major challenge for large language models. Malicious instructions hidden in emails, web pages, tool outputs, or code repositories can be used to influence model behavior and compromise AI system security.
With GPT-Red, OpenAI is looking to scale human-led security testing. The cybersecurity model will enable researchers to discover new vulnerabilities, strengthen model resilience, and develop effective safeguards before deploying AI systems.
Anthropic has also developed Claude Mythos, a cybersecurity security system that detects vulnerabilities, simulates attacks, and strengthens defenses. While Claude Mythos can be used by other companies, GPT-Red is for OpenAI’s internal use.
What Does GPT-Red Mean for OpenAI’s Competitiveness?
With AI security concerns growing among enterprises, GPT-Red could become a significant competitive advantage for OpenAI. GPT-Red represents a shift in OpenAI’s AI development strategy. While the company is training AI models to generate better responses and complete tasks, it is also training them to withstand attacks.
This shift gives OpenAI an edge in the race for enterprise customers, regulators, and users who prioritize AI security. By automating red-teaming capabilities and embedding them into its model development pipeline, OpenAI can identify vulnerabilities faster and reduce the risks associated with deploying powerful AI systems.
