Jul 18, 2026 · 7:35 AM
Subscribe
Home Ai

UK Safety Regulator Finds Jailbreaks That Turn GPT-5.6 Sol Into a Hacking Tool

The UK's AI Security Institute found universal jailbreaks in OpenAI's GPT-5.6 Sol that unlock autonomous vulnerability discovery and exploit development. A viral claim that Sol now beats Claude Mythos 5 on cybersecurity doesn't match the actual benchmark scores, which remain close and mixed between the two labs.

Julian Lim
· 4 min read · 541 views
UK Safety Regulator Finds Jailbreaks That Turn GPT-5.6 Sol Into a Hacking Tool

Britain's AI safety regulator found universal jailbreaks in GPT-5.6 Sol, and the finding is more useful than another Reddit fight over whether OpenAI or Anthropic is ahead on cyber benchmarks.

The UK's AI Security Institute, known as AISI, found universal jailbreaks in GPT-5.6 Sol, OpenAI's newest flagship model, after getting pre-deployment access to the system. According to a Fortune report published July 10, 2026, the bypasses let testers push the model past safeguards meant to block high-risk cyber work, including vulnerability discovery and exploit development. OpenAI's own system card says some of the jailbreaks were developed within hours.

That timing matters. OpenAI previewed GPT-5.6 on June 26 and published the system card with its July rollout, describing Sol, Terra and Luna as High capability for cybersecurity under its Preparedness Framework. That doesn't mean the models crossed OpenAI's highest Critical threshold. It does mean the company knows these systems can help with the kind of work security teams spend real money trying to control.

OpenAI didn't deny the basic finding. Its system card says UK AISI identified universal jailbreaks in every testing round so far, and that OpenAI had reproduced and mitigated the specific jailbreaks reported before launch. That's a useful caveat. It's also not much comfort if you're deciding whether to let a frontier model touch sensitive code, internal tickets or live security tooling.

The Benchmark Fight Is Too Small

A r/singularity discussion this week tried to turn the story into a league table, with users arguing that GPT-5.6 Sol had pulled ahead of Anthropic's Claude Mythos 5 on cybersecurity. Don't get too attached to that framing. The public numbers are messier than the claim.

OpenAI's launch materials put GPT-5.6 Sol at 73.5% on ExploitBench, a benchmark that measures progress from reaching vulnerable code toward arbitrary code execution. Anthropic's own published table has Claude Mythos 5 at 78.0% on ExploitBench. On CyberGym, OpenAI's system card says its strongest universal jailbreak preserved almost all measured task performance when blocking was disabled, with 83.0% task success versus 83.6% for Sol without the jailbreak. BenchmarkList lists Mythos 5 at 83.8% on CyberGym.

So no, one clean winner isn't the story.

The useful point is that both labs are now operating in the same dangerous neighborhood. Sol appears stronger than GPT-5.5 on OpenAI's own cyber evaluations, while Mythos 5 still has a narrow lead on some published offensive benchmarks. These gaps are small enough that your security policy shouldn't depend on which model is four points ahead this month.

Speed is the part you should care about. AISI has estimated that frontier cyber-offense capability is doubling roughly every four months, faster than the seven-month pace it measured at the end of 2025. Frankly, that curve matters more to a chief information security officer than a Reddit scoreboard.

Washington Has Already Used the Playbook

There is recent precedent for how seriously governments are treating this. Anthropic said its Claude Fable 5 and Mythos 5 models were released on June 9 and then hit by U.S. export controls on June 12, after Amazon researchers found a bypass in Fable 5's safeguards. Anthropic suspended access because it couldn't verify user nationality quickly enough, then said the controls were lifted on June 30 and access was restored July 1.

That's a fast reversal.

Fortune reported that the GPT-5.6 Sol jailbreaks looked potentially more severe because AISI described them as universal and tied them to agentic exploit work, not just finding software flaws. There is an important limit here: AISI had grey-box access, including policy wording, safety-monitor chain of thought and classifier feedback that ordinary attackers wouldn't see. OpenAI says that kind of access helps trusted testers find problems early. It also proves how much the safeguards still depend on attack cost staying high.

If a comparable finding around Sol ever draws the same kind of Washington scrutiny, OpenAI could face its own access disruption. Nothing in the public record says that is imminent. But the precedent now exists, and companies building on these models should treat that as an operational risk, not a political sideshow.

For enterprise security teams, the direct call is simple: don't outsource your threat model to a vendor label. Red-team the model in your own environment before deployment. Keep it away from production secrets unless the use case truly requires them. Log the tool calls. Limit network access. Assume the first safeguard will fail and design the second one before you need it.

Whichever lab pulls ahead on ExploitBench or CyberGym, the more consequential number is still the doubling time. Months, not years. That's the pace your security planning has to survive.

Also read: Databricks Hits $188 Billion Valuation With New $3 Billion Coatue RoundGemini 3.5 Pro's Delay Just Cost Alphabet Nearly $200 Billion in a DayVisa and Mastercard Just Joined a New Standard for AI Agent Payments

TOPICS
Julian Lim is an entrepreneur, technology writer, and a researcher. He started JL Data Analysis after graduating from NUS in Intelligent Systems. Julian writes about technology innovations and entrepreneurship on Business Times, Asia Pacific Magazine and occasionally contributes to Startup Fortune.
Related Articles
More posts →
Loading next article…
You're all caught up