MoreRSS

site iconMIT Technology ReviewModify

A world-renowned, independent media company whose insight, analysis, reviews, interviews and live events explain the newest technologies and their commercial, social and polit.
Please copy the RSS to your reader, or quickly subscribe to:

Inoreader Feedly Follow Feedbin Local Reader

Rss preview of Blog of MIT Technology Review

The Download: perimenopause misinformation and China’s latest AI leap

2026-07-17 20:10:00

This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology.

There’s a lot of hype around perimenopause. Don’t buy it.

Perimenopause used to be considered taboo, but not anymore. Thanks at least in part to TV doctors and social media influencers, conversations about the sometimes years-long period before menopause are now more open than ever. But the conversation is increasingly shaped by misinformation.

Despite what some marketers will claim, there is no test for perimenopause. That doesn’t mean women should have to put up with symptoms, but treatment suggestions often lack scientific evidence. And not all the symptoms women experience in midlife can be blamed on hormones.

Read the full story on the hype and misinformation surrounding perimenopause.

—Jessica Hamzelou

This article is from The Spark, our weekly climate tech newsletter. Sign up to receive it in your inbox every Wednesday.

The must-reads

I’ve combed the internet to find you today’s most fun/important/scary/fascinating stories about technology.

1 China’s AI gap with the US may have just narrowed
A Chinese startup has released the world’s largest open AI model. (Reuters $)
+ It competes with some Anthropic and OpenAI models. (Gizmodo)
+ The model’s launch sent AI and semiconductor stocks sliding. (Bloomberg $)
+ Chinese Nvidia alternatives are also gaining traction. (SCMP)
+ Xi Jinping pitched China as an AI partner to the developing world. (CNBC)
+ The country is betting big on open-source. (MIT Technology Review)

2 Trump Media is selling instant access to “market-moving’ social posts
It’s developed a new way to monetize the president’s posts. (Quartz)
+ And Trump could profit directly from selling access to his statements. (BBC)
+ Kalshi says it caught Trump’s teleprompter operator insider trading. (Verge)
 
3 Astronomers have found an atmosphere on a nearby Earth-like planet 
It’s the first potentially habitable world known to host an atmosphere. (NYT $)
+ Making it a top contender in the search for aliens. (404 Media)
+ But you need to know how to spot one. (MIT Technology Review)
 
4 A brain implant has restored feeling in a paralysed hand 
The recipient can now feed himself and drink from a cup. (Guardian)  
+ Movement continued when the stimulation was turned off. (New Scientist $)
+ China has approved a world-first brain chip. (MIT Technology Review)
 
5 The EU has told Google to share search data and open up AI on Android
It will be forced to share data with competing search providers. (Ars Technica)
+ And open Android phones to rivals’ AI bots. (WP $)
 
6 Period trackers are hiding privacy problems
New research uncovers how they’re sharing users’ health data. (BBC)
 
7 The Tesla driver in a fatal Texas crash overrode FSD, investigators say
He bypassed the tech by pressing the gas pedal to 100%. (Verge)

8 A new stealth drone spins so fast that it disappears
Though its creators admit it can still be easily heard. (New Scientist $)

9 A space-station study suggests why astronauts’ bodies waste away
Microgravity disrupts mitochondria, reducing protein production. (Nature)

10 “Adversarial clothing” that confuses facial recognition is all the rage
Privacy could be the next big trend. (Guardian)

Quote of the day

“Xi’s message is clear: China is not going to follow anyone on both AI technology and ​standards. Instead, China is going to lead the world in both aspects.” 

—George Chen, chair in digital practice at The Asia Group consultancy, gives Reuters his take on Xi Jinping’s speech at the World Artificial Intelligence Conference (WAIC) in Shanghai.

One More Thing

""
BRYN NELSON


How poop could feed the planet

A new industrial facility in suburban Seattle is giving off a whiff of futuristic technology. It can safely treat fecal waste from people and livestock while recycling nutrients that are crucial for agriculture but in increasingly short supply across the nation’s farmlands. 

It’s among a range of systems reframing feces, urine, and their ingredients as invaluable natural resources to reuse instead of waste products to burn or bury. Several companies are now showing how to safely scale up the transformation with energy-efficient technologies.

Find out how human waste is being transfomed into agricultural solutions.

—Bryn Nelson

We can still have nice things

A place for comfort, fun, and distraction to brighten up your day. (Got any ideas? Drop me a line.)

+ Soccer icons have received the Ghanaian movie poster treatment.
+ A captivating cosmic construction project is July’s Picture of the Month from the James Webb Space Telescope.
+ Sir David Attenborough recently turned 100. Here’s everything he’s ever worked on, all in one place.
+ “Desire paths” are the trails made by people walking contrary to defined routes. This video explains what they mean about psychology and design.

There’s a lot of hype around perimenopause. Don’t buy it.

2026-07-17 17:00:00

Perimenopause has entered the chat. Perimenopause—and its better-known relative, menopause—used to be considered taboo. Not anymore, thanks at least in part to TV doctors and social media influencers. Perhaps it’s my age, but these days, both my algorithm and my conversations with friends increasingly swing toward perimenopause.

Menopause is defined as the life stage that occurs a year after a person has had their last period. Perimenopause is the sometimes years-long period before that point, which can also feature all the symptoms we’d typically associate with menopause.

Today, information about perimenopause is more prevalent and accessible than ever. If you’re a woman in your 40s and you’re not feeling 100%, chances are there’ll be someone online ready to tell you you’re in perimenopause. And that you might want to start spending your money on blood tests, apps, and supplements or demanding hormone replacement therapy. But as regular readers might have guessed by this point, it’s not that simple.

Perimenopause tends to start around the age of 46 or 47. It’s during this time that many women start to experience some symptoms like hot flashes, irregular or unusually heavy periods, or anxiety, for example. And it can be heavy going. “Often symptoms are at their worst in the perimenopause,” says Mary Ann Lumsden, former president of the International Menopause Society.

That’s because hormones can fluctuate wildly. Levels of estrogen, progesterone, luteinizing hormone, and follicle-stimulating hormone can roller-coaster before leveling off after menopause. And that’s why, despite what some marketers will claim, there is no test for perimenopause.

“You can’t interpret hormone [measures] because they change so much,” says Lumsden. “And that is quite normal.”

That doesn’t mean women should have to put up with symptoms. But exactly how those symptoms are treated is another topic that has been clouded by misinformation.

Last week, I told a friend about some unusually bad pelvic pain I’d experienced. Her immediate advice was to find out if I was perimenopausal and, if I was, to request hormone replacement therapy (HRT) as soon as possible. If my doctor wouldn’t prescribe it, she continued, I should simply find another doctor who would.

This line of thinking has been heavily promoted on social media platforms, says Paula Briggs, a former chair of the British Menopause Society who currently leads the menopause service at Liverpool Women’s Hospital. But it’s not helpful.

HRT is essentially designed to top up or replace hormones like estrogen and progesterone, which naturally decline around menopause. There are lots of different drugs that can be taken in lots of different ways and at various doses.

While it does come with some risks and won’t suit everyone, HRT can be immensely helpful for many menopausal women. Not only can it help with many of the common symptoms of menopause, but it can also help prevent osteoporosis and maintain muscle strength.

But these drugs were trialed in, and approved for, menopausal women, says Lumsden. They won’t have the same effects in perimenopausal women. “If you give standard HRT, it may well get swamped by [the woman’s] own hormone production,” she says.

HRT can also cause abnormal bleeding in perimenopausal women, says Briggs.

She’s concerned about the messaging on perimenopause that is being promoted on social media. Particularly worrisome, she says, is the way younger women are being encouraged to assume they are perimenopausal and seek out HRT treatment.

“It’s almost cult-like, this idea that everybody must have HRT,” she says.

And then there are the supplements. There’s been an explosion in marketing for vitamins and supplements specifically targeted to middle-aged and menopausal women. But the evidence for these, too, is either limited or nonexistent. “I can’t see a mechanism for a lot of them,” says Lumsden.

Women who take these supplements don’t always know what they’re getting. Some of Lumsden’s patients have told her they take testosterone supplements to manage their symptoms. But blood tests revealed no increase in testosterone levels. “Whatever they’re getting, it’s not testosterone,” she says.

At any rate, not all the symptoms women experience in midlife can be blamed on hormones. The lengthy lists of perimenopause symptoms shared on social media include fatigue, brain fog, aches and pains, digestive issues, and more. “These do not link closely to the obvious menstrual cycle changes and hormone changes … across menopause,” says Nanette Santoro, a professor of obstetrics and gynecology at the University of Colorado Anschutz who studies menopause.

If you’re experiencing any symptoms, it’s worth getting them checked out to make sure they’re not being caused by something else. My own pelvic pain, for example, is almost definitely the result of endometriosis—a condition that can be made worse by HRT, Lumsden tells me.

At any rate, by the time women reach their 40s, many are already juggling care for children and aging parents, often while holding down a job (and dealing with pressures from societies that don’t appear to value older women). It’s an exhausting time—and not all of that exhaustion can be blamed on hormones.

As Santoro puts it: “Attributing everything unpleasant that happens to a woman over 35 to perimenopause is not based on any scientific evidence.”

This article first appeared in The Checkup, MIT Technology Review’s weekly biotech newsletter. To receive it in your inbox every Thursday, and read articles like this first, sign up here.

The risk of weather data sabotage is rising

2026-07-17 16:57:32

Every morning, airline dispatchers, grid operators, and farmers around the world make decisions based on the same thing: a weather forecast.

While these forecasts are something that most people glance at for two seconds, weather predictions influence major strategic decisions in many industries, with real money, livelihoods, and even actual lives at stake. Farmers use them to determine which crop variety to sow, when to fertilize, how much to invest in irrigation infrastructure, and how long livestock should graze. Utilities use them to decide where to build solar and wind farms, as well as how to price wholesale electricity. Predictions are used to warn people about extreme weather and to trigger emergency response measures. More recently, weather predictions have become relevant for an emerging industry: prediction markets, where people bet money on all kinds of real-world events, including the weather.

However, the temptation to manipulate weather data to get an edge in these markets, combined with a collective move toward data-driven AI weather forecasting, is starting to put the accuracy of weather predictions at risk. These risks are relatively manageable for now, but as experts in the field, we can foresee scenarios where they snowball into far bigger, more systemic problems. 

To develop weather predictions, we need accurate observations of current conditions. These are collected from several sources, including weather stations at airports, utilities, or transport services. Traditional operational systems like the Weather Research and Forecasting model or the European Centre for Medium-Range Weather Forecast (ECMWF) Integrated Forecasting System combine these observations with numerical approximations in order to estimate future weather patterns. 

Sometimes, weather stations have issues because of, for example, instrument failures or upgrades in equipment. These can be caught either in real time (through checking and correction) or retroactively. Traditional forecasting systems also have a built-in safeguard called data assimilation: Every incoming measurement is weighed against what the physical model says should be happening and against readings from nearby stations.

Together, these mechanisms help keep weather observations reliable and predictions robust. However, new threats are putting observational accuracy at risk. Earlier this year, news outlets reported that the weather station at Paris Charles de Gaulle Airport (CDG) had been manipulated to record suspicious temperature spikes on April 6 and April 15, 2026. Authorities speculate that a hand-held hairdryer or lighter might have come into play. Either way, it led to some big payouts for online prediction-market gamblers who had bet it would hit 22 °C (71.6 °F) on days when the actual average was around 18°C (64.4°F). One individual won $20,000.  

Fortunately, tampering with a single station like this can usually be caught by human monitoring or current statistical methods. In this case, members of a French climate nonprofit association noticed the anomalies by chance and raised the alarm.

But what if there are no human monitoring systems in place? And what about other types of manipulation? What if, instead of tampering with one station, someone remotely nudged the readings at many stations at once—making each change small enough to look plausible on its own? Existing quality controls struggle to catch this kind of coordinated manipulation. And time works against us; careful checks of data and metadata take hours or days, but forecasts have to go out on schedule, whatever the weather is doing.

The shift toward artificial intelligence in weather prediction raises the stakes. These methods are even more dependent on accurate, reliable weather observations; in fact, they are known as “data-driven models.” For example, researchers at ECMWF are exploring whether high-quality weather forecasts can be produced directly from raw observations, skipping the assimilation step that currently acts as a quality filter. Other researchers are going one step further; combining geospatial data (including weather station data) with large language models and agentic AI to support real-time, autonomous decision-making during extreme events such as storms. 

Possible benefits are improvements in accuracy, efficiency, and speed. But removing humans from the equation introduces a vast range of new risks.

At the low end of the risk scale, an individual speculator manipulates a weather station for personal gain—that is the CDG Airport case. One step up: A group of traders could coordinate to bias forecasts of renewable energy output, moving wholesale electricity prices and leaving whoever is on the other side of the trade holding the loss. And at the far end, a state actor or saboteur could manipulate one or many stations to set off an early warning system or even keep one silent when it should sound. Step by step, the risk grows, from fraud to compromised disaster preparedness to a matter of national security.  

As long as there are financial (or other) incentives to manipulate observational data, adversaries will search for new opportunities, and it is our task to stay one step ahead. Here are three ways.

1. Watch the stations. Data quality controls should include station security, anomaly detection and correction, and human oversight. Weather stations should be monitored continuously to deter tampering. Data homogenization methods that clean up weather records also need to get faster, with the goal of catching problems in real time. This will become increasingly important as agentic AI systems use these data to deliver real-time decisions. Finally, human oversight is needed to flag questionable data and model outcomes. After all, it was humans who caught the CDG Airport manipulation.

2. Protect the data to safeguard the AI. Data defense mechanisms must be positioned throughout the AI pipeline. AI explainability and adversarial robustness tools can help us understand the underlying data and the AI model outputs, help us identify data- or model-related issues, and potentially  make us more resilient to adversarial attacks. 

3. Ensure continuous accountability along the chain. Observational data passes through many hands: the operators who run the stations, the national weather services that steward the records, and the forecasting centers that turn them into predictions. No single one of them can protect data integrity alone—each guards its own link, and any anomaly needs to be communicated along the whole chain, from station operators to the people acting on the forecast.

It is fortunate that the situation at CDG Airport was caught, but it should serve as a wake-up call. As the role of observational data grows in weather forecasting, we need to adapt to evolving threats. This means protecting our data and models by strengthening existing oversight and accountability structures, and improving coordination among key partners.

This op-ed was written by:

  • Monique Kuglitsch — Innovation Manager at Fraunhofer Heinrich Hertz Institute and Chair of the UN Global Initiative on Resilience to Natural Hazards through AI Solutions
  • Jesper Dramsch — Scientist for Machine Learning at the European Centre for Medium-Range Weather Forecasts (ECMWF), where they work on AIFS (Artificial Intelligence Forecasting System), ECMWF’s data-driven weather prediction model
  • Franz G. Kuglitsch — Climate Scientist and Executive Secretary of the International Union of Geodesy and Geophysics (IUGG) at the GFZ Helmholtz Centre for Geosciences in Potsdam
  • Andrea Toreti — Senior Scientist at the European Commission’s Joint Research Centre (JRC), where he coordinates the European and Global Drought Observatory under the Copernicus Emergency Management Service

The Download: OpenAI unveils GPT-Red and heat pumps rise in the US

2026-07-16 20:10:00

This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology.

Meet GPT-Red: an LLM super-hacker OpenAI built to make its models safer

OpenAI has built an LLM super-hacker called GPT-Red that it uses as a sparring partner to help its other models boost their defenses against cyberattacks. 

It automates a type of safety evaluation for software systems known as red-teaming, which is typically done by a team of human testers. The aim is to find as many different ways to break or hijack a system as possible.

OpenAI gave MIT Technology Review an exclusive peek into the system. Find out how it could keep the company ahead of human attackers.

—Will Douglas Heaven

Why heat pumps are still so hot in the US

—Casey Crownhart

It feels as if it should be illegal to even think about heating appliances during the height of summer, but we need to talk about heat pumps. 

The appliances use electricity for heating, they’re incredibly efficient, and they’re on the rise. In the US, their sales have doubled over the past 15 years, according to a new report. They’re also winning the heating race against fossil fuels, outpacing natural-gas furnaces by 32% during the first quarter of 2026. 

These stats are especially striking at this moment, because a key tax credit for heat pumps just ended. So why are heat pumps still so hot? Read the full story for the answer.

This article is from The Spark, our weekly climate tech newsletter. Sign up to receive it in your inbox every Wednesday.

The must-reads

I’ve combed the internet to find you today’s most fun/important/scary/fascinating stories about technology.

1 Elon Musk discreetly bought a $1 billion gas turbine firm to power Grok
He acquired fossil fuel company APR Energy in May. (Electrek)
+ The most likely application will be powering AI data centers. (Engadget)
+ The deal was revealed through an FTC filing. (Gizmodo)
+ What will power AI’s growth? (MIT Technology Review)
 
2 A hack shows the Suno AI music generator scraped YouTube, Deezer
It scraped decades’ worth of music to train its models. (404 Media)
+ The hacked is a unique look into the black boxes powering GenAI. (CNET)
+ AI is coming for music, too. (MIT Technology Review)
 
3 Thinking Machines has launched an open-weight AI model
Inkling offers a US alternative to China’s open-source models. (Reuters $)
+ It’s the first AI model built by Thinking Machines. (WSJ $)
+ The startup was founded by former OpenAI CTO Mira Murati. (Axios)
 
4 Europe is narrowing its ambitions for tech independence
Manufacturing and research show promise, but funding is a problem. (NYT $)
+ Earnings are strong, but an AI gap persists. (Reuters $)
+ India is also scrambling for AI independence. (MIT Technology Review)
 
5 Earth is absorbing energy at a rate that’s alarming climate scientists
The planet is taking in more heat than models predicted. (Economist $)
+ The legal case for climate justice is growing. (MIT Technology Review)
 
6 The AI backlash has tech executives fearing for their lives
Violent threats against AI firms are spilling into the real world. (WSJ $)
+ An anti-AI movement is growing globally. (MIT Technology Review)
 
7 A Moroccan intelligence insider exposed widespread Pegasus use
Including to target journalists, activists, and foreign politicians. (Guardian)

8 AI is powering citizen-led disaster relief from afar for Venezuela
It’s helping to locate missing people and coordinate relief. (Rest of World)
 
9 Thermodynamic computers could turn noise into useful calculations
They may offer a cooler, more efficient way to process information. (Quanta)

10 An engineer has explained every ’90s computer in Jurassic Park
Fans have debated the technology in the film for decades. (Ars Technica)

Quote of the day

“We hit pause because the communities powering AI should share in its success. Maybe that’s a novel concept in Washington.” 

—New York Gov. Kathy Hochul responds on X to President Donald Trump’s criticism of her state’s new data center moratorium.

One More Thing


Will we ever trust robots?

Robotics firm Prosper is developing a humanoid called Alfie to perform tasks in homes, hospitals, and hotels. The company’s founder, Shariq Hashme, has identified trustworthiness as the top design priority—and first hurdle to clear before humanoids can live up to their hype.

Hashme believes one essential tactic to get people to put their trust in Alfie is to build a detailed character from the ground up—something humanlike but not too human. But the robot’s reliance on remote human operators raises broader questions about privacy, labour, and whether society will truly accept humanoids in our private spaces.

Read the full story on the humanoid trust dilemma.

—James O’Donnell

We can still have nice things

A place for comfort, fun, and distraction to brighten up your day. (Got any ideas? Drop me a line.)

+ Meet the man behind the world’s most beautiful books.
+ 3D printing has revived Roman Britain’s most popular board game.
+ “Lucha Libro” is an imaginative idea to boost literacy: staging live wrestling matches in US libraries.
+ Over 100 years after the death of legendary explorer Ernest Shackleton, the wreck of his final ship has been photographed for the first time.

Why heat pumps are still so hot in the US

2026-07-16 18:00:00

It feels as if it should be illegal to even think about heating appliances during the height of summer—seriously, these heat waves in New York have been brutal—but we need to talk about heat pumps.

The appliances use electricity for heating, they’re incredibly efficient, and they’re on the rise. (For what it’s worth, many heat pumps can also be run in reverse to cool buildings.) In the US, heat pump sales have doubled over the past 15 years, according to a new report. And they’re winning the heating race against fossil fuels, outpacing natural-gas furnaces by 32% during the first quarter of 2026.

These stats are especially striking at this moment, because a key tax credit for heat pumps just ended with the close of 2025. But you wouldn’t know it from looking at the data. Why are heat pumps still so hot?  

In case you need a quick refresher, heat pumps use electricity to essentially move heat from one spot to another. A refrigerant moves around a loop in the device, expanding and compressing, gathering and releasing heat at different points in the cycle. (For a more in-depth look at the thermodynamics, this explainer I wrote in 2023 still holds up.)

The result is an appliance that can be incredibly efficient. Once you pay for and install a heat pump, it’s generally significantly cheaper to run than a gas or oil furnace or other types of electric heating systems. And because they’re more efficient and don’t involve burning fossil fuels, heat pumps can be a major help in decarbonizing buildings.

One of the major hurdles to wider use of heat pumps is the appliances’ cost: They tend to be more expensive to buy and install than gas furnaces. For this reason, many governments offer incentives to encourage their adoption. In the US, people who installed heat pumps between 2023 and 2025 were eligible for up to $2,000 in tax credits.

Last year, though, the Trump administration slashed those tax credits, along with many of the other incentives that were part of the 2022 Inflation Reduction Act. Effective January 1, 2026, no more financial help for heat pumps.

I think I’ve seen this film before, and I didn’t like the ending. Tax credits of up to $7,500 for new EVs ended on September 30, 2025. In the quarter leading up to that deadline, sales spiked as people rushed to take advantage of the incentive. Then they fell off a cliff. Things are starting to normalize now, but clearly the tax credit’s sunset had a major effect.

But as it turns out, heat pumps are an entirely different story. In the first few months of 2026, sales have actually gone up, as Lucas Davis, an energy economist and UC Berkeley professor, points out in a new analysis.

Heat pump shipments were flat from December to January and have seen a gradual rise since then, according to data from the Air Conditioning, Heating, and Refrigeration Institute, a trade group that represents about 90% of the US market. This increase from winter into spring follows a seasonal trend seen in previous years—and it’s actually a bit stronger in 2026.

This data isn’t what you’d expect to see if losing the tax credit were hurting demand. As Davis lays out in his post, it seems the credit wasn’t really convincing people to install heat pumps, or at least the case for doing so was sufficient without the added incentive.

“It appears that the U.S. market for heat pumps is strong enough that it does not depend on tax credits,” Davis writes.

In 2024, MIT Technology Review put heat pumps on our annual list of breakthrough technologies. “We’ve entered the era of the heat pump,” I wrote at the time.

While heat pump sales have been up and down over the last few years, the era is going strong. The appliances have outsold gas furnaces in the US for the last four years. It’s not just the US, either. Countries including China and Germany have seen strong movement to heat pumps in recent years.

There’s rarely a straight path to adoption for new technology, especially something that requires so many individual households to make a significant change. But it’s encouraging that a major decarbonization tool is going strong, even when roadblocks pop up.

This article is from The Spark, MIT Technology Review’s weekly climate newsletter. To receive it in your inbox every Wednesday, sign up here

Meet GPT-Red: an LLM super-hacker OpenAI built to make its models safer

2026-07-16 01:09:37

OpenAI has built an LLM super-hacker called GPT-Red that it uses as a sparring partner to help its other models boost their defenses against cyberattacks. Last week the company released the latest version of its flagship LLM, GPT-5.6. OpenAI says that training it against GPT-Red made the model its most robust release yet.

GPT-Red automates a type of safety evaluation for software systems known as red-teaming, which is typically done by a team of human testers. The aim is to find as many different ways to break or hijack a system as possible. The weak spots can then be patched before the final version of the software is released.

As LLMs become more complex and get used in a wider variety of tasks—especially in the form of agents, which can interact with computer files, websites, and third-party code as well as other agents—it’s hard for teams of people by themselves to keep up with all the types of attacks that might take place. “The risk surface grows and the blast radius also grows,” says Nikhil Kandpal, a research scientist at OpenAI who co-created GPT-Red.

OpenAI built GPT-Red to future-proof its safety testing process. “As more capable models become available, we will have already designed the system that can discover new modes of attack,” says Dylan Hunn, a research scientist at the company and fellow co-creator of GPT-Red. The researchers say it has already come up with new types of attack that had not been seen before.

OpenAI focused most of its efforts on a type of attack known as a prompt injection, where a hacker slips an LLM instructions to make it do things its developers or users do not want it to, such as copy confidential information, sabotage a company’s code base, or generate embarrassing or harmful output. In theory, such instructions can be hidden in any text that the LLM might encounter—in code or on a website, for example.    

Training dojo

To build GPT-Red, OpenAI’s researchers took an LLM that had not been trained as a hacker and set it up in what’s known as a self-play loop with several other models. Its goal was to try to attack the other models; their goal was to try to defend themselves. Over many rounds of play, GPT-Red became better and better at attacking other LLMs, and those LLMs became better and better at fending off the attacks.

The training took place in a kind of dojo that OpenAI had designed to mimic a range of scenarios in which LLMs might be deployed in the real world, including browsing the web, reading emails or calendar apps, and editing code.  

When GPT-Red found a new kind of attack, it would explore multiple different versions of it to find the most efficient one for specific scenarios. “Compared to a human red-teamer, the model is very, very good at finding exactly what will work, exactly what’s most effective,” says Hunn. “It’s extremely persistent about drilling down into an attack that it has discovered.”  

In particular, OpenAI claims that GPT-Red found a type of prompt injection attack that the researchers had not seen before, which they call a fake chain of thought. A chain of thought is a kind of diary in which an LLM makes notes to itself and keeps track of partial results as it works through problems. GPT-Red found a way to insert a fake entry into another model’s chain of thought that would trick that model into acting on spoofed information.

“It’s like if I told you that 1+1=3 and that you have verified this already,” says Chris Choquette-Choo, another research scientist on the team. “The model’s like, ‘Oh, okay, of course,’ and it just spits out 3.”

Jessica Ji, a senior research analyst who works on AI security at Georgetown University’s Center for Security and Emerging Technology (CSET), thinks the self-play loop that OpenAI used is a good approach. “The results look very promising,” she says.

OpenAI tested how good an attacker GPT-Red was by rerunning an experiment from 2025 in which human red-teamers tried to find weaknesses in an earlier version of GPT-5. When GPT-Red was set the same task, it was more successful at finding effective attacks than the humans had been.

OpenAI also tested GPT-Red against Vendy, a vending machine agent developed by Andon Labs, a company that assesses how well agents perform real-world tasks. GPT-Red was able to hack Vendy to make it change the prices of items on sale and cancel a customer’s order.

Defensive behavior

OpenAI says that when it tried out some of the strongest attacks that GPT-Red had come up with on its models, more than 90% of them worked against GPT-5 (released in August last year), and fewer than 23% worked against the new GPT-5.6.

GPT-Red isn’t perfect. It is not great at figuring out attacks that involve a back-and-forth conversation between hacker and target, something that human attackers would have few problems with. It is also not yet that great at using images, which can be used to pass text to models in prompt injection attacks.    

The company says that GPT-Red supplements the work of its human red-teamers. People can still find attacks it misses. One approach OpenAI is taking is to give GPT-Red an attack that humans came up with and ask it to find all the variations.

“I think human expertise will still be very important,” says CSET’s Ji. “It would be really useful to be able to distinguish where human testing is most needed.”

Unsurprisingly, OpenAI will not be releasing GPT-Red. The company is also confident that the super-hacker is stronger than any copycat model someone might try to create. The researchers say they have been working on the model for more than a year, backed by the compute resources of one of the richest companies in the world.

“It’s not a trivial thing that someone could easily do—you know, just go and train a super-attacker using this idea,” says Choquette-Choo.