OpenAI has introduced GPT-Red, an internal automated red-teaming system that uses self-play to identify prompt injection vulnerabilities across its AI models at scale. The new system acts as a dedicated adversary that stress-tests AI models before malicious users can exploit weaknesses. As a result, the company aims to improve model security and resilience ahead of public releases.
How GPT-Red strengthens AI models
GPT-Red operates as a high-capability adversary that systematically probes how AI models respond to attacks. Instead of relying only on human testers, the system continuously challenges models with adversarial prompts to uncover hidden vulnerabilities.
Moreover, GPT-Red played a key role in training GPT-5.6, the company’s latest flagship AI model family released on July 9. This process improved the model’s resistance to prompt injection attacks through adversarial training.
Before GPT-5.6 became publicly available, the company dedicated around 700,000 A100e GPU hours to automated black-box red teaming. Consequently, the testing process systematically identified likely weak points, exposed jailbreak techniques, and strengthened the model before launch. GPT-Red now formalizes that large-scale testing infrastructure into a dedicated self-play system.
Growing focus on AI safety
The launch comes as advanced AI models face increasing scrutiny because of their potential dual-use capabilities. GPT-5.6 received a “High” capability rating for both cybersecurity and biological risks under the Preparedness Framework. However, it remained below the “Critical” threshold in both categories.
Meanwhile, an independent AI safety assessment confirmed earlier this year that GPT-5.5 had already demonstrated frontier-level cyber capabilities. Therefore, automated security testing has become increasingly important as AI systems continue to grow more capable.
The company has expanded its automated red-teaming efforts over the past year. Earlier initiatives included hiring researchers to develop scalable systems that continuously uncover model failure modes. In addition, it organized a public red-teaming challenge with a $500,000 prize pool for its open-weights model.
Looking ahead
GPT-Red marks another step toward automated AI security testing. By using self-play to identify emerging vulnerabilities, the system can evolve alongside increasingly powerful AI models. Furthermore, this approach aims to strengthen AI safety, improve alignment, and enhance protection against prompt injection attacks before new models reach users.








