Lisbon · Tuesday, 14 Jul 2026 NB Edition · Nº 076
← Back to news
Inteligência Artificial · Cibersegurança NB-L076

OpenAI's new AI for finding software flaws went to the US government first

OpenAI opened GPT-5.6 Sol, its most capable model for cybersecurity, to everyone, after debuting it under limited, US-government-coordinated access. What changes, and why the same tool can both defend and attack.

OpenAI's new AI for finding software flaws went to the US government first
FIG. NB-L076 · Inteligência Artificial · Cibersegurança

On June 26, 2026, OpenAI unveiled GPT-5.6, a family of three artificial-intelligence models named after celestial bodies: Sol, Terra, and Luna. Sol is, in the company's own words, its "most capable model yet for cybersecurity." What made the launch unusual was not the power but the door in. Access started closed, limited to a small group of partners and coordinated with the United States government, and only became available to everyone on July 9.

Cybersecurity is a dual-use field. The same capability that helps a defender find and fix a flaw in a program can, in the wrong hands, be used to exploit it. That ambiguity is what explains all the caution around Sol.

Three models, one tuned to find flaws

The family splits the work three ways. Sol is the flagship, aimed at long-horizon security tasks such as vulnerability research. Terra is the balanced everyday model, with performance comparable to GPT-5.5 but, according to OpenAI, twice as cheap. Luna is the fastest and most affordable, at $1 per million tokens in and $6 out (tokens are the fragments of text these models count).

On the benchmark the company rests its cybersecurity claim on, ExploitBench, a standardized test that measures the ability to find and exploit flaws, OpenAI says Sol matches rival Mythos Preview using only about one-third of the output tokens. In other words, it reaches the same result with far less computing effort. The company adds that the model already runs on Cerebras, a platform of specialized chips, at up to 750 tokens per second.

Why access started closed

OpenAI says it launched Sol with "our most robust safety stack to date." In practice, that means protections trained into the model, real-time checks during generation, and weeks of pressure-testing against real-world attacks. The stated goal is to preserve legitimate uses, such as code review, vulnerability research, patch development, and security education, while blocking offensive use.

At the US government's request, the company began with limited access for a small group of trusted partners, whose participation was shared with the authorities, before opening it to everyone. OpenAI itself notes that it does not think a government-mediated access process should become the long-term default, because it keeps the best tools away from those defending systems. There is also a technical caveat worth underlining. According to the company, Sol is better at helping people find and fix flaws than at reliably carrying out attacks, and in testing it did not produce a complete, working exploit chain on its own.

What changes for users

Since July 9, GPT-5.6 is no longer exclusive. It became available in ChatGPT, in Codex, through the developer interface (API), and in GitHub Copilot. For the ordinary user, the most visible change is not the model's power but the behavior of the safeguards. OpenAI warns that, during this phase, some legitimate requests may be refused or paused for extra review, precisely because the line between defensive and offensive activity is not always obvious at first glance.

It remains to be seen whether the government-mediated debut repeats in future launches, or whether it was an exception driven by the sensitivity of cybersecurity. In between sits a tool that can defend and attack the same software, now in the hands of many more people, with safeguards its own maker admits cannot foresee every form of abuse.

Sources: OpenAI, The Hacker News.

#StaySafe
🙏🖖

BRI assistant

Quer saber sobre um projeto, um serviço ou uma notícia recente? Pergunte. Conheço todo o conteúdo deste site.