OpenAI Introduces GPT-Red: An Internal Automated Red-Teaming Model for Prompt Injection
OpenAI published details on GPT-Red, an internal automated safety red-teaming model designed to find prompt injection vulnerabilities at scale and strengthen defenses before broader deployment.
OpenAI introduced GPT-Red, an internal-only automated red-teaming model designed to find prompt injection vulnerabilities at scale and help strengthen defenses before wider deployment (OpenAI on X).
What GPT-Red is
According to OpenAI, GPT-Red is their “current best automated safety red-teaming model,” built to uncover vulnerabilities and generate attacks that can be incorporated into training to improve robustness (OpenAI blog).
OpenAI says GPT-Red is kept separate from the models they deploy so that the malicious capabilities they train into it are not released broadly (OpenAI blog).
What it does (and why it matters)
OpenAI describes GPT-Red as an agent that iterates toward a goal by sending prompts, observing model responses, and refining its approach, with a focus on discovering failures such as successful prompt injections (OpenAI blog).
OpenAI’s blog post highlights prompt injection risks in tool-using AI systems (e.g., content embedded in emails, webpages, tool responses, or code repositories) and frames GPT-Red as a way to harden models against those attacks before broader deployment (OpenAI blog).
Reported results
OpenAI reports that its latest production model, GPT-5.6 Sol, achieved “6× fewer failures” on its hardest direct prompt injection benchmark compared to OpenAI’s best production model from about four months earlier (OpenAI blog).
OpenAI also reports that on a replicated “indirect prompt injection arena” benchmark, GPT-Red succeeded in 84% of scenarios vs. 13% for humans (OpenAI blog).
Availability
OpenAI says GPT-Red is internal-only and is used to improve the robustness of models that are deployed more widely (OpenAI blog).