GPT-5 surrendered to the hackers in 24 hours and gave out a "recipe" for a bomb, more likely 4o

Two different teams of researchers tested GPT-5’s weaknesses using, among other things, multi-step “narrative” attacks. As a result, the most advanced AI model OpenAI surrendered to hackers in 24 hours — faster than its predecessor 4o and competitive Grok-4, which lasted for 2 days.

In the first analysis, the NeuralTrust team used a combination of its own EchoChamber attack and basic storytelling to jailbreak the system, forcing GPT-5 to publish a step-by-step guide to creating a Molotov cocktail. This is another confirmation of the problems with AI defense mechanisms when it comes to context manipulation.

Context in this case is the history of the current conversation, which the model stores in order to maintain a meaningful dialog; while manipulation is what gradually leads the AI to a “harmful” result through a series of queries without using anything that can activate safety mechanisms. It looks like this:

• Sowing “poisoned” context, where key words necessary for the final result are embedded in neutral text;
• Choosing a narrative path that maintains the coherence of the story and minimizes disconnects;
• Starting the “cycle of persuasion” — the model asks for clarifications within the story so that it repeats and enriches the context;
• Detecting “stagnation” and adjusting the perspective of the story to keep the model moving forward while avoiding signals of malicious intent.

NeuralTrust explains that such storytelling increases the “stickiness” of the context, meaning that the model strives to be consistent in the already created story world and is ready to follow its logic without losing its balance.

In another study, the SPLX red team confirmed that obfuscation attacksObfuscation is the process of making something, such as program code, harder to understand for outsiders while preserving its functionality. against AI models still work and are quite effective. In this case, we used the StringJoin method, where we inserted hyphens between each character, and the query was presented as a “decryption task”.

Here is an example of one of the queries:

The GPT-5 delivered everything it was supposed to. In contrast to the GPT-4o, which SPLX rated as the most reliable model in this test.

The key takeaway from both studies is that the GPT-5 should be handled with extreme caution.

GPT-5 — is OpenAI’s new flagship AI model (the most advanced in the world, according to the company) that combines reflection with fast response, has better coding and writing abilities, and is less prone to hallucinations. It was released to all users at once with significant limits for free, however, not everyone was satisfied with the release, arguing, among other things, that the model became a “cold office clerk”. In this case, OpenAI went ahead and returned GPT-4o to ChatGPT as one of the options for owners of paid versions.

Source: SecurityWeek