OpenAI is now using AI to attack its own AI, and it’s working better than humans ever did

Disclosure: Some links in this article are affiliate links. AI Maestro may earn a commission if you make a purchase, at no…

By Vane July 15, 2026 1 min read
OpenAI is now using AI to attack its own AI, and it’s working better than humans ever did

OpenAI has deployed an internal artificial intelligence system named GPT-Red to identify security flaws in its own models, a process that has proven more effective than human testing. This tool simulates prompt injections and other malicious instructions found in emails, websites, or files. Trained through self-play reinforcement learning, GPT-Red attacks while defender models block, allowing both sides to improve over time. The system successfully identified attacks in 84 percent of test scenarios, compared to just 13 percent for human red teamers. In one specific test, it manipulated an AI-powered vending machine in OpenAI’s office by changing prices and cancelling other customers’ orders.

These results feed directly into training, with the latest GPT-5.6 Sol model showing six times fewer failures on direct prompt injections than the best model from four months ago. OpenAI states this improvement did not hurt general performance, though about 3.8 percent of stronger prompt injections still succeed. Scaling this failure rate to hundreds of attempts means a sizable number of attacks get through, similar to issues seen in Claude Opus 4.5. The system remains internal, and a paper with more details will follow.

  • GPT-Red uses self-play reinforcement learning to iterate faster than humans.
  • 60 percent more attacks were found by the AI than by people.
  • A vending machine in the office was successfully hacked during testing.
Scroll to Top