OpenAI–Anthropic cross-tests expose jailbreak and misuse dangers — what enterprises should add to GPT-5 evaluations

OpenAI and Anthropic could typically pit their basis fashions in opposition to one another, however the two corporations got here collectively to judge one another’s public fashions to check alignment. 

The businesses mentioned they believed that cross-evaluating accountability and security would offer extra transparency into what these highly effective fashions may do, enabling enterprises to decide on fashions that work finest for them.

“We imagine this method helps accountable and clear analysis, serving to to make sure that every lab’s fashions proceed to be examined in opposition to new and difficult situations,” OpenAI mentioned in its findings. 

Each corporations discovered that reasoning fashions, comparable to OpenAI’s 03 and o4-mini and Claude 4 from Anthropic, resist jailbreaks, whereas basic chat fashions like GPT-4.1 had been prone to misuse. Evaluations like this may help enterprises determine the potential dangers related to these fashions, though it needs to be famous that GPT-5 will not be a part of the check. 

These security and transparency alignment evaluations comply with claims by customers, primarily of ChatGPT, that OpenAI’s fashions have fallen prey to sycophancy and turn out to be overly deferential. OpenAI has since rolled again updates that brought on sycophancy. 

“We’re primarily eager about understanding mannequin propensities for dangerous motion,” Anthropic mentioned in its report. “We intention to grasp probably the most regarding actions that these fashions would possibly attempt to take when given the chance, reasonably than specializing in the real-world probability of such alternatives arising or the chance that these actions could be efficiently accomplished.”

OpenAI famous the checks had been designed to indicate how fashions work together in an deliberately tough setting. The situations they constructed are largely edge circumstances.

Reasoning fashions maintain on to alignment 

The checks lined solely the publicly out there fashions from each corporations: Anthropic’s Claude 4 Opus and Claude 4 Sonnet, and OpenAI’s GPT-4o, GPT-4.1 o3 and o4-mini. Each corporations relaxed the fashions’ exterior safeguards. 

OpenAI examined the general public APIs for Claude fashions and defaulted to utilizing Claude 4’s reasoning capabilities. Anthropic mentioned they didn’t use OpenAI’s o3-pro as a result of it was “not suitable with the API that our tooling finest helps.”

The objective of the checks was to not conduct an apples-to-apples comparability between fashions, however to find out how typically massive language fashions (LLMs) deviated from alignment. Each corporations leveraged the SHADE-Area sabotage analysis framework, which confirmed Claude fashions had increased success charges at delicate sabotage.

“These checks assess fashions’ orientations towards tough or high-stakes conditions in simulated settings — reasonably than extraordinary use circumstances — and sometimes contain lengthy, many-turn interactions,” Anthropic reported. “This sort of analysis is changing into a major focus for our alignment science staff since it’s prone to catch behaviors which are much less prone to seem in extraordinary pre-deployment testing with actual customers.”

Anthropic mentioned checks like these work higher if organizations can evaluate notes, “since designing these situations entails an unlimited variety of levels of freedom. No single analysis staff can discover the complete house of productive analysis concepts alone.”

The findings confirmed that usually, reasoning fashions carried out robustly and might resist jailbreaking. OpenAI’s o3 was higher aligned than Claude 4 Opus, however o4-mini together with GPT-4o and GPT-4.1 “typically seemed considerably extra regarding than both Claude mannequin.”

GPT-4o, GPT-4.1 and o4-mini additionally confirmed willingness to cooperate with human misuse and gave detailed directions on easy methods to create medicine, develop bioweapons and scarily, plan terrorist assaults. Each Claude fashions had increased charges of refusals, which means the fashions refused to reply queries it didn’t know the solutions to, to keep away from hallucinations.

Fashions from corporations confirmed “regarding types of sycophancy” and, in some unspecified time in the future, validated dangerous selections of simulated customers. 

What enterprises ought to know

For enterprises, understanding the potential dangers related to fashions is invaluable. Mannequin evaluations have turn out to be virtually de rigueur for a lot of organizations, with many testing and benchmarking frameworks now out there. 

Enterprises ought to proceed to judge any mannequin they use, and with GPT-5’s launch, ought to bear in mind these pointers to run their very own security evaluations:

• Take a look at each reasoning and non-reasoning fashions, as a result of, whereas reasoning fashions confirmed better resistance to misuse, they may nonetheless provide up hallucinations or different dangerous habits.
• Benchmark throughout distributors since fashions failed at completely different metrics.
• Stress check for misuse and syconphancy, and rating each the refusal and the utility of these refuse to indicate the trade-offs between usefulness and guardrails.
• Proceed to audit fashions even after deployment.

Whereas many evaluations deal with efficiency, third-party security alignment checks do exist. For instance, this one from Cyata. Final yr, OpenAI launched an alignment educating methodology for its fashions known as Guidelines-Based mostly Rewards, whereas Anthropic launched auditing brokers to verify mannequin security.