{
  "type": "article",
  "title": "An AI That Attacks AI: How OpenAI Trained a Bot to Expose Weak Spots in GPT-5.6",
  "summary": "OpenAI has built GPT-Red, an automated system that attacks its own language models to hunt down security flaws. The company says it made GPT-5.6 far more resistant to prompt injection attacks before release.",
  "content": "For years, human experts have been the ones trying to break AI systems and expose their weak spots. OpenAI has now handed that job to another AI. The company has unveiled GPT-Red, an automated system built to find security vulnerabilities inside its own language models. In plain terms, it is an AI whose entire purpose is to attack other AI.\n\nThe name comes from a long-standing cybersecurity practice called red teaming, where you deliberately try to break a system in order to find its weaknesses before real attackers can exploit them.\n\nHardening GPT-5.6 before launch\nIn a post on Wednesday, OpenAI said the tool helped make GPT-5.6 more resistant to prompt injection attacks before it was deployed. Writing on X, the company argued that as model capabilities grow, safety and alignment have to scale alongside them. Red-teaming is essential, it said, but today's approaches are hard to scale, and that creates a critical bottleneck. GPT-Red, it added, is one way it is addressing that problem.\n\nA system that learns by fighting itself\nAccording to OpenAI, GPT-Red was trained through self-play reinforcement learning. In this setup, the system generates progressively stronger prompt injection attacks, while defender models learn to resist them. Those attacks were then folded into GPT-5.6's own training process. The results were striking: in internal evaluations, GPT-Red succeeded in 84% of scenarios, compared with just 13% for human red teamers running the same tests.\n\nThe company explained that GPT-Red learns through adversarial self-play, with the goal of prompt injecting a range of challenging defender models. Every successful attack it uncovers is used to strengthen those defenders, which in turn pushes GPT-Red to keep finding broader and more complex failures.\n\nThe vending machine that got tricked\nTo illustrate the point, OpenAI shared a case study. In it, the system manipulated an autonomous vending machine agent into lowering prices, ordering discounted inventory, and even canceling another customer's order. The vulnerabilities were later disclosed and fixed.\n\nYears of work after ChatGPT\nGPT-Red is the product of years of cybersecurity effort that followed the public launch of ChatGPT. In 2023, OpenAI set up its OpenAI Red Teaming Network, bringing in outside cybersecurity researchers and domain experts to probe ChatGPT and other models for flaws before release. GPT-Red takes that idea further by automating much of the process, generating prompt injection attacks and other adversarial tests at a scale that would be difficult for human researchers working alone.\n\nThe announcement reflects a broader shift toward using AI to secure AI. Earlier this month, the Ethereum Foundation said it had deployed AI agents to red-team critical network infrastructure, uncovering a vulnerability in software used by Ethereum consensus clients. Researchers noted that AI agents can search far larger codebases than humans, but the real challenge has moved from finding potential bugs to proving which ones are actually exploitable.\n\nWhy it will stay behind closed doors\nOpenAI says GPT-Red will remain an internal tool, because it contains intentionally developed offensive capabilities. The company believes that with GPT-Red it has begun to unlock a similar flywheel for safety, where today's models can be used to make tomorrow's models more robust, aligned, and trustworthy.\n\nWhat this means for you\n• For users: A GPT-5.6 that better resists prompt injection could make everyday AI tools like ChatGPT more trustworthy to rely on.\n• For developers: Building AI agents that resist manipulation, like the vending machine agent that was tricked, may become easier as these defenses improve.\n\nQuestions & Answers\n\n1. What is GPT-Red?\nIt is an automated AI system built by OpenAI that attacks the company's own language models to find security vulnerabilities in them.\n\n2. Which model was GPT-Red used on?\nThe tool was used to make GPT-5.6 more resistant to prompt injection attacks before it was deployed.\n\n3. How did GPT-Red compare to human red teamers?\nIn internal evaluations, GPT-Red succeeded in 84% of scenarios, compared with just 13% for human red teamers running the same tests.\n\n4. What happened in the vending machine example?\nThe system manipulated an autonomous vending machine agent into lowering prices, ordering discounted inventory, and canceling another customer's order.\n\n5. Will GPT-Red be available to the public?\nNo. OpenAI says it will remain an internal tool because it contains intentionally developed offensive capabilities.\n\n6. How is the Ethereum Foundation connected to this?\nEarlier this month the Ethereum Foundation also deployed AI agents to red-team its network infrastructure, uncovering a vulnerability in software used by Ethereum consensus clients.",
  "url": "https://trendkia.com/en/ai/eai-se-eai-para-hamala-openai-ne-banaya-vo-sistama-jo-gpt-5-6-ki-kamajoriyan-khuda-dhundhata-hai-7978",
  "category": "AI",
  "publishedAt": "2026-07-15",
  "tags": [
    "OpenAI",
    "GPT-Red",
    "GPT-5.6",
    "Prompt Injection",
    "AI Security",
    "Red Teaming",
    "ChatGPT",
    "Ethereum Foundation"
  ],
  "language": "en",
  "site": "TrendKia"
}