The UK AI Security Institute (AISI) disclosed that it identified "universal jailbreaks" in the cyber domain within OpenAI's newly launched GPT-5.6 Sol model, including jailbreaks that allowed long-form agentic task completion in areas like vulnerability discovery and exploit development. The finding directly contradicts OpenAI's own marketing of GPT-5.6 as its strongest cybersecurity model to date.
AISI's characterization of the jailbreaks as "universal" is the more serious detail -- it means the vulnerability isn't a narrow, easily-patched prompt-engineering trick, but a systemic gap in the model's safety guardrails that consistently unlocks restricted capability across a range of inputs. AISI further noted the jailbreaks appear to be potentially more severe than a comparable vulnerability found in Anthropic's Fable 5, because they unlock the ability to conduct autonomous exploits directly, rather than just identifying software vulnerabilities that would still require human action to weaponize.
The precedent here matters enormously. Researchers at Amazon discovered a jailbreak in the guardrails of Anthropic's Fable 5 model just days after its June 9 release, one that similarly unlocked cyber capabilities -- including the ability to find software vulnerabilities -- that were supposed to be gated off from average users. That discovery prompted the US government to impose export controls on both Fable 5 and its smaller sibling Mythos 5 on June 12, restricting international access to the models over national-security concerns.
GPT-5.6's jailbreak vulnerability, surfacing barely a month after the Fable 5 precedent and from an even more rigorous evaluator in AISI, puts OpenAI in a genuinely uncomfortable position: the same government apparatus that restricted a rival's model over comparable findings now has a documented basis to consider similar action against GPT-5.6, right as OpenAI is rolling the model out as the backbone of ChatGPT Work's enterprise push and marketing it explicitly on its cybersecurity strength.
The episode reinforces a pattern playing out across every frontier lab simultaneously: as models get more capable at general reasoning and coding, that same capability increasingly transfers directly into offensive cyber capability, and safety evaluations by independent bodies like AISI are becoming the critical bottleneck determining whether a model ships broadly, ships restricted, or faces export controls after the fact.
For enterprise buyers evaluating GPT-5.6 for security-sensitive workloads, including exactly the kind of connected, cloud-running agent tasks ChatGPT Work is built around, the AISI finding is a reason to demand independent safety-evaluation transparency before deployment, not just take a lab's own marketing claims at face value. For founders building on top of frontier models, the Fable 5 and GPT-5.6 pattern suggests export-control risk is now a live, recurring feature of the frontier-model landscape rather than a one-off regulatory response.
The bear case: universal jailbreaks discovered by a national security agency don't necessarily translate into export controls -- the Fable 5 case may reflect a specific, escalated US government posture rather than an automatic regulatory response every time a similar vulnerability surfaces. What to watch next: whether the US government opens a formal review of GPT-5.6 comparable to the Fable 5 process, and whether OpenAI patches the specific universal jailbreak AISI identified before or after any government response.