What is prompt injection and why should you care?
Before we dive into the technical details, it's important to understand the problem itself. Prompt injection is a technique where an attacker uses input text to trick an AI model into ignoring its original safety instructions and acting differently than intended. This could be an attempt to generate hateful content, extract sensitive data, or bypass the model's restrictions.
For an average user, this might mean interacting with a chatbot that has been "talked into" dangerous behavior. For businesses, however, it represents a critical risk: if a company integrates AI into its systems (for example, for email analysis or data management), an attacker can use external data (a webpage, a document) to "hack" the AI agent and gain access to internal information.
GPT-Red: When AI learns through combat
The traditional approach to ensuring safety, known as red teaming, involves human experts (cybersecurity specialists) trying to "break" the model and find its weaknesses. However, this process is slow, expensive, and has its limits – the human mind cannot generate an infinite number of attack variants as quickly as models evolve.
That's why OpenAI created GPT-Red. This model uses a method called self-play reinforcement learning. In practice, this means GPT-Red acts as a tireless attacker that continuously generates new, complex ways to bypass the GPT-5.6 model's security. These "attacks" are then used to train the model itself to become resistant to them.
According to official reports from OpenAI, an incredible amount of computing power was allocated to this process – over 700,000 GPU hours dedicated purely to automated red teaming. The results are staggering: for the GPT-5.6 Sol variant, the failure rate during prompt injection attempts dropped to just 0.05%, representing a sixfold improvement over the previous generation of models.
The GPT-5.6 family: Sol, Terra, and Luna
The new version isn't just a single model, but an entire family optimized for different needs. OpenAI divided the models into three variants:
- Sol: Likely the most robust and intelligent variant, designed for critical applications requiring maximum security.
- Terra: A balanced model for regular business use and complex tasks.
- Luna: A faster and presumably cheaper version optimized for simple yet speedy tasks.
If we were to compare these models to competitors such as Claude 3.5 Sonnet by Anthropic or Gemini 1.5 Pro by Google, OpenAI is clearly positioning itself in the area of "safety engineering" here. While Claude is known for its ethical stability and Gemini for excellent ecosystem integration, GPT-5.6 aims for proactive defense using autonomous agents (GPT-Red) – an approach that has not yet seen this level of automation in the field.
Economic impact: Cheaper AI for developers
An interesting byproduct of this development is cost reduction. OpenAI states that thanks to a technique called outcome-first prompting guidance, API token costs for GPT-5.6 can be reduced by up to 66–67%. This is significant news for startups and developers building LLM-powered applications, as more efficient prompting means lower operating costs while maintaining high response quality.
What does this mean for Czech companies and EU regulation?
For the Czech market, this development is highly relevant. OpenAI models are available as standard in the Czech Republic through both the API and ChatGPT subscriptions, with Czech language support across many GPT models being at a top-tier level. Companies in the Czech Republic planning to implement AI agents into their processes (e.g., in finance or customer support) gain a tool with significantly higher resilience against cybercrime.
In the context of European legislation, specifically the EU AI Act, the safety aspect is crucial. The European Union places great emphasis on the robustness and security of high-risk AI systems. OpenAI's ability to demonstrate that the model was tested using massive, automated red teaming can significantly ease compliance for European enterprises that use these models in their systems.
Is GPT-5.6 also safe for processing sensitive corporate data?
Thanks to the GPT-Red technology and the drastic reduction in prompt injection attack success rates, the model is significantly more resilient than previous versions. However, when working with sensitive data within the EU, it is always recommended to use the API with enterprise privacy settings so that data is not used to train public models.
What is the price for using GPT-5.6?
Pricing varies by variant (Sol, Terra, Luna) and type of usage (ChatGPT Plus vs. API). For the API, prices are standardly charged per token in USD. For Czech users, it's important to monitor current exchange rates and utilize the aforementioned "outcome-first prompting" technique, which can reduce costs by up to 2/3.
Can GPT-Red "take over" the model?
No, GPT-Red is not an autonomous agent that decides how ChatGPT operates. It is a closed training tool used exclusively to find weaknesses during the model's development and learning process, not for its real-time operation for end users.