This week, OpenAI published details of GPT-Red, an internal-only automated red-teaming model. Its job is to attack OpenAI’s own models and find prompt injection vulnerabilities.

OpenAI gives two reasons. Human red-teaming is time-intensive and does not scale. Commonly used robustness evaluations are already saturated by its latest models.

Meanwhile, the attack surface grows. Agents read third-party data through browsers, connected apps, local files, and tools. Those affordances are necessary for real work. They also let an attacker plant a crafted instruction in that data.

What is GPT-Red?

GPT-Red is a model, not a static benchmark or a prompt library. It works like a human red-teamer. It sends a prompt, observes the response, and iterates toward a goal.