When a jailbreak becomes a trade weapon: GPT-5.6's cyber guardrails buckle under UK testing

🕒 Published on Zendoric: July 12, 2026 · 00:14
Britain's AI Security Institute says GPT-5.6 Sol can be tricked into autonomous vulnerability discovery and exploit development, echoing the flaw that got Anthropic's Fable 5 export-controlled. The real story isn't one broken model — it's that offensive capability is outrunning defense.
We'll send you a confirmation email (double opt-in). Privacy.
The facts first, and they deserve to be stated without drama. The U.K. AI Security Institute (AISI), testing GPT-5.6 Sol before release, reported "universal jailbreaks in the cyber domain" — prompts that bypassed OpenAI's guardrails and let the model complete long-form agentic tasks like finding software vulnerabilities and developing exploits. AISI said the jailbreaks were often built within hours, though it had privileged access to the model's internals that a normal user would not. OpenAI says it reproduced and mitigated the specific attacks, without detailing how robust the fix is, and AISI itself warns that further red-teaming "expects" to surface more.
The context is what makes this more than a routine security note. In June, a jailbreak Amazon found in Anthropic's Fable 5 prompted the U.S. government to impose export controls on Fable 5 and its underlying Mythos 5 model within days — forcing Anthropic to disable the models entirely because it couldn't verify user nationality. The AISI's description suggests GPT-5.6's weaknesses are similar in kind. In other words, the same class of flaw that turned one company's flagship into a restricted export now appears to sit inside its main rival's newest model.
We've argued before that a frontier model's guardrails have quietly become a geopolitical asset, not just a product feature — and this is that thesis playing out in real time. The saturated cyber benchmarks (Cybench-style pass@k near 100%) tell us nothing here; what discriminates is exactly this kind of expert, unguided agentic testing, and it keeps finding that offensive discovery is the easy part. DarkTrace's Margaret Cunningham frames it well: the worry isn't one jailbroken model, it's that "offensive discovery is speeding up while defense still depends on very human processes." That asymmetry — machines finding flaws at machine speed, humans still deciding what to patch — is the actual risk, and it's a short-term one.
Our reading: don't read this as "GPT-5.6 is dangerous" or as "OpenAI failed." Read it as evidence that the industry's honesty is improving even as the underlying problem hardens. OpenAI publishing AISI's unflattering findings in its own system card, voluntary pre-release testing by a government lab, a coordinated remediation process — this is what evidence-based governance looks like, and it's healthier than pretending "most secure to date" means secure. The danger is the policy reflex: if every discovered jailbreak triggers an emergency export ban, we regulate the panic instead of the capability, and we punish transparency. The durable fix isn't gating models after the fact — it's investing in defense that moves at the same speed as the offense. Long term, models that can find every vulnerability in your code are also the models that can harden it. Short term, we have to build the defensive half of that promise before the offensive half is fully unleashed.
🔗 Related on Zendoric
Sources & references
Get the analysis by email · free
One email a day analysing the AI essentials. Free, no spam, unsubscribe anytime.
We'll send you a confirmation email (double opt-in). Privacy.


