OpenAI's GPT-Red Trounces Humans 84% to 13% in Red-Team Showdown Against Itself 🤖
OpenAI deployed an automated red-teaming system called GPT-Red to harden GPT-5.6 against prompt injection attacks before release, the company said in a Wednesday post. GPT-Red, trained through self-play reinforcement learning, generated progressively stronger adversarial prompts while paired defender models learned to resist them. OpenAI reported GPT-Red succeeded in 84% of internal evaluation scenarios, compared with 13% for human red teamers in identical tests. "GPT-Red learns through adversarial self-play, where its goal is to prompt inject a variety of challenging defender models," OpenAI wrote. "Every successful attack that GPT-Red finds is used to improve these defenders, pushing GPT-Red to continuously find broader and more complex failures."
The company disclosed a case study in which the system manipulated an autonomous vending machine agent into lowering prices, ordering discounted inventory, and canceling another customer's order before the underlying vulnerabilities were addressed. Successful attack traces were folded into GPT-5.6's training process. "As model capabilities grow, safety and alignment must scale with them," OpenAI wrote on X. "Red-teaming is essential, but today's approaches are difficult to scale, creating a critical bottleneck. GPT-Red is one way we're addressing it."
GPT-Red extends the OpenAI Red Teaming Network launched in 2023, which recruited outside cybersecurity researchers and domain experts to probe ChatGPT and other models prior to release. The new system automates much of that workflow, using an AI model to produce prompt injection attacks and other adversarial tests at a scale OpenAI said would be difficult for human researchers alone. "We believe with GPT-Red that we have started to unlock a similar flywheel for safety, where today's models can be used to make tomorrow's models more robust, aligned, and trustworthy," the company wrote. OpenAI stated GPT-Red will remain an internal tool because it contains intentionally developed offensive capabilities.
The release comes as other organizations apply AI agents to infrastructure red-teaming. Earlier this month, the Ethereum Foundation said it had deployed AI agents to red-team critical network infrastructure, uncovering a vulnerability in software used by $ETH consensus clients. Researchers cited in the announcement said AI agents can search larger codebases than humans, but the central challenge has shifted from finding potential bugs to proving which ones are exploitable.
Share Article
Quick Info
Disclaimer: This content is for information and entertainment purposes only. It does not constitute financial, investment, legal, or tax advice. Always do your own research and consult with qualified professionals before making any financial decisions.
See our Terms of Service, Privacy Policy, and Editorial Policy.