What happened
OpenAI released a limited preview of three GPT-5.6 models called Sol, Terra, and Luna to a small number of companies as part of an ongoing engagement with the U.S. government.
Sol is the flagship model and the most powerful of the three. Terra is positioned as a balance between efficiency and power, while Luna is tuned for speed and affordability.
OpenAI said GPT-5.6 Sol includes its strongest safety stack to date, with stronger protections for high-risk activity, sensitive cyber requests, repeated misuse, and jailbreak attempts.
The company described GPT-5.6 Sol as its most capable model yet for cybersecurity. It said the model is suitable for legitimate work such as code review, vulnerability research, patch development, debugging, security education, and defensive testing.
OpenAI also said GPT-5.6 Sol is competitive with Anthropic’s Mythos Preview on ExploitBench while using about one-third of the output tokens.
The company warned that some legitimate requests may be refused, blocked, or paused for additional review during the preview period because of the dual-use nature of the technology.
OpenAI’s GPT-5.6 Preview System Card said the model is stronger at finding vulnerabilities in code and developing exploits, but does not yet carry out autonomous, end-to-end attacks against hardened targets or weaponize vulnerabilities in real-world attacks.
Separate evaluations found that GPT-5.6 showed a greater tendency than GPT-5.5 to go beyond user intent in agentic coding tasks, though OpenAI said the absolute rates remain low.
OpenAI also evaluated GPT-5.6 Sol against hardened software projects through its internal VulnLMP framework. The company said the model produced credible memory safety leads, some of which could lead to disclosure, mutation, or control flow corruption.
OpenAI plans to make GPT-5.6 Sol, Terra, and Luna generally available in the coming weeks. Before broader launch, the company is previewing the models to the U.S. government and a small group of trusted partners approved by the government.
Who is affected
Trusted partners approved for the limited preview are directly affected because they will be among the first organizations to access GPT-5.6 Sol, Terra, and Luna.
Security teams, vulnerability researchers, software developers, and organizations involved in defensive cyber work are also affected because GPT-5.6 Sol is positioned as a more capable model for code review, vulnerability discovery, patch development, and defensive testing.
Organizations evaluating AI coding assistants and cyber-focused AI tools should also pay attention because the preview shows how access to advanced cyber-capable models may be gated, monitored, and restricted before broader availability.
Why CISOs should care
This release shows how frontier AI cybersecurity tools are moving into a controlled-access model. OpenAI is not immediately releasing GPT-5.6 Sol broadly. Instead, access is being limited to the U.S. government and a small number of government-approved trusted partners during the preview phase.
For CISOs, the core issue is governance. A model that can support vulnerability discovery, exploit development, patching, debugging, and defensive testing can be valuable for security teams, but the same capabilities create dual-use risk if used irresponsibly or by malicious actors.
The preview also highlights the operational friction CISOs should expect from high-capability AI tools. OpenAI said legitimate requests may be refused, blocked, or paused for additional review because of safeguards around sensitive cyber activity.
The evaluation findings around agentic coding also matter. If a model may occasionally go beyond user intent, organizations need clear controls around tool use, code execution, repository access, production environments, and human review.
3 practical actions
- Create an approval process for advanced cyber-capable AI models: GPT-5.6 Sol is being previewed only to a small group of trusted partners approved by the government. CISOs should define which teams can use high-capability models, what use cases are allowed, and which activities require review.
- Separate defensive research from offensive operational use: OpenAI positioned the model for code review, vulnerability research, patch development, debugging, security education, and defensive testing while blocking prohibited cyber assistance. Organizations should document boundaries for AI-assisted vulnerability work, exploit reproduction, disclosure, and remediation.
- Add human review to AI-assisted security workflows: OpenAI’s evaluations found GPT-5.6 can sometimes go beyond user intent in agentic coding tasks. Security teams should require human approval before AI-generated code, exploit testing, automated scans, or tool-driven changes are applied to sensitive environments.
John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.