公司动向The Decoder5/10

OpenAI is now using AI to attack its own AI, and it's working better than humans ever did

By Matthias Bastian

OpenAI is now using AI to attack its own AI, and it's working better than humans ever did
图源:The Decoder

AI 摘要

OpenAI's internal GPT-Red model finds successful attacks in 84 percent of test scenarios through self-play training. Human red teamers manage just 13 percent. The results feed directly into hardening models like GPT-5.6 Sol. The article OpenAI is now using AI to attack its own AI, and it's workin

原文正文

OpenAI is now using AI to attack its own AI, and it's working better than humans ever did

OpenAI trained an internal AI model called GPT-Red to automatically find security flaws in GPT models. GPT-Red simulates prompt injections and other attacks where malicious instructions hide in emails, websites, or files. Trained via self-play reinforcement learning, GPT-Red attacks while defender models block, and both improve over time. It finds successful attacks in 84 percent of test scenarios versus 13 percent for human red teamers. In one test, it manipulated an AI-powered vending machine in OpenAI's office, changed prices, and canceled other customers' orders.

The results feed directly into training. GPT-5.6 Sol shows six times fewer failures on direct prompt injections than the best model from four months ago, OpenAI says, without hurting general performance. But about 3.8 percent of "stronger" prompt injections still succeed. Scale that to hundreds or thousands of attempts, and a sizable number get through, similar to Claude Opus 4.5.

GPT-Red stays internal; a paper with more details will follow.

AI News Without the Hype – Curated by Humans

Subscribe to THE DECODER for ad-free reading, a weekly AI newsletter, our exclusive "AI Radar" frontier report six times a year, full archive access, and access to our comment section.

Subscribe now

阅读原文
OpenAI is now using AI to attack its own AI, and it's working better than humans ever did · AI Daily