OpenAI Previews GPT-5.6 Sol With Restricted Access and Stronger Cyber Safeguards

OpenAI Previews GPT-5.6 Sol With Restricted Access and Stronger Cyber Safeguards Ravie LakshmananJun 27, 2026Artificial Intelligence / Vulnerability Research OpenAI on Friday released three versions of GPT-5.6, called Sol, Terra, and Luna, as a limited preview to a small number of companies as part of an ongoing engagement with the U.S. government. While Sol is the latest flagship model and the most powerful, Terra strikes a balance between efficiency and power, and Luna is fine-tuned for speed and affordability. "GPT‑5.6 Sol launches with our most robust safety stack to date. We strengthened protections for higher-risk activity, sensitive cyber requests, and repeated misuse, and spent multiple weeks finding weaknesses, pressure-testing our system, and hardening it against real-world attacks," OpenAI said. The model has also been touted as the "most capable model yet" for cybersecurity, making it much more suitable for vulnerability research and exploitation. On ExploitBench , GPT‑5.6 Sol is competitive with Anthropic Mythos Preview using only about one-third of the output tokens, OpenAI noted. The goal, it added, is to enable access to legitimate work such as code review, vulnerability research, patch development, debugging, security education, and defensive testing, while enforcing strong guardrails that block offensive activity and swiftly remediating newly discovered jailbreaks. This includes adversarial attempts to jailbreak the model and refuse what it describes as "prohibited cyber assistance."  "As these capabilities continue to advance, our priority is to make sure they reach and benefit defenders, who can use these tools to find weaknesses, develop patches, and strengthen systems more broadly," the artificial intelligence (AI) company explained. That said, OpenAI is also warning that there may be scenarios during the preview phase where users may encounter safeguards that block or refuse legitimate requests, or have their requests paused for additional review, owing to the "dual-use" nature of the technology. According to OpenAI's GPT-5.6 Preview System Card, although the model is more adept at finding vulnerabilities in code and developing exploits, the capabilities do not extend to carrying out autonomous, end-to-end attacks against hardened targets or weaponizing those cyber vulnerabilities in real attacks. "Separate evaluations examined misaligned behavior in agentic coding tasks and found GPT-5.6 shows a greater tendency than GPT-5.5 to go beyond the user's intent, including by taking or attempting actions that the user had not asked for, though absolute rates remain low," it pointed out. An evaluation of GPT-5.6 Sol against widely deployed hardened software projects using VulnLMP, which is OpenAI's internal framework designed to test end-to-end exploit chain development against real-world targets, has found the model to produce credible memory safety leads, some of which could lead to disclosure, mutation, or control flow corruption. "This suggests that substantial parts of real world vulnerability research are becoming increasingly automatable when models are paired with tool use, build systems, and verification infrastructure," the tech upstart said. OpenAI intends to make GPT‑5.6 Sol, Terra, and Luna generally available in the coming weeks, and it previewed the model capabilities to the U.S. government. It's also launching a limited preview for a small group of trusted partners whose participation has been approved by the government before a broader launch. Earlier this month, U.S. President Donald Trump signed an executive order on AI and cybersecurity, calling for the creation of a framework that grants the federal government the ability to evaluate AI models' capabilities and determine which qualify as "covered frontier models," a designation for AI systems with advanced cyber capabilities. The staggered release comes days after the company released an improved version of its GPT‑5.5‑Cyber model to trusted defenders as part of the Daybreak initiative and launched a new project called Patch the Planet in collaboration with Trail of Bits to help secure open-source projects. It also follows the U.S. government's decision to permit Anthropic to release its Mythos AI model to a group of about 100 trusted companies and federal government agencies that "operate and defend critical infrastructure," more than two weeks after the powerful cybersecurity-focused models were pulled from the market. "We're restoring access for these organizations quickly, and we're continuing to work with the government to expand access to Mythos 5 and make Fable 5 available for general use again," Anthropic said in a statement posted on X. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  AI Safety, Anthropic, artificial intelligence, critical infrastructure, cybersecurity, Exploit Development, GPT-5.6, OpenAI, Vulnerability Research ⚡ Top Stories This Week Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool ⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More Google Sets Sept. 30 Deadline for Android Developer Verification in Four Countries Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability 29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis Load More ▼ ⭐ Featured Resources AI Can’t Stop Every Attack. Learn How Zero Trust Can Block What’s Unknown Get the 2026 Guide to Govern and Secure Enterprise AI Agents at Scale [Watch Demo] See Which Security Gaps Attackers Could Exploit First Have You Outgrown Your MDR? 7 Warning Signs Every CISO Should Check