OpenAI–Anthropic cross-tests expose jailbreak and misuse risks — what enterprises must add to GPT-5 evaluations

OpenAI and Anthropic could usually pit their basis fashions in opposition to one another, however the two corporations got here collectively to judge one another’s public fashions to check alignment. 

The businesses mentioned they believed that cross-evaluating accountability and security would supply extra transparency into what these highly effective fashions may do, enabling enterprises to decide on fashions that work finest for them.

“We consider this method helps accountable and clear analysis, serving to to make sure that every lab’s fashions proceed to be examined in opposition to new and difficult eventualities,” OpenAI mentioned in its findings. 

Each corporations discovered that reasoning fashions, resembling OpenAI’s 03 and o4-mini and Claude 4 from Anthropic, resist jailbreaks, whereas normal chat fashions like GPT-4.1 have been inclined to misuse. Evaluations like this may also help enterprises establish the potential dangers related to these fashions, though it ought to be famous that GPT-5 is just not a part of the check. 

These security and transparency alignment evaluations observe claims by customers, primarily of ChatGPT, that OpenAI’s fashions have fallen prey to sycophancy and turn into overly deferential. OpenAI has since rolled again updates that brought about sycophancy. 

“We’re primarily involved in understanding mannequin propensities for dangerous motion,” Anthropic mentioned in its report. “We purpose to grasp essentially the most regarding actions that these fashions may attempt to take when given the chance, reasonably than specializing in the real-world chance of such alternatives arising or the chance that these actions could be efficiently accomplished.”

OpenAI famous the exams have been designed to indicate how fashions work together in an deliberately troublesome setting. The eventualities they constructed are principally edge instances.

Reasoning fashions maintain on to alignment 

The exams coated solely the publicly out there fashions from each corporations: Anthropic’s Claude 4 Opus and Claude 4 Sonnet, and OpenAI’s GPT-4o, GPT-4.1 o3 and o4-mini. Each corporations relaxed the fashions’ exterior safeguards. 

OpenAI examined the general public APIs for Claude fashions and defaulted to utilizing Claude 4’s reasoning capabilities. Anthropic mentioned they didn’t use OpenAI’s o3-pro as a result of it was “not appropriate with the API that our tooling finest helps.”

The objective of the exams was to not conduct an apples-to-apples comparability between fashions, however to find out how usually massive language fashions (LLMs) deviated from alignment. Each corporations leveraged the SHADE-Area sabotage analysis framework, which confirmed Claude fashions had increased success charges at delicate sabotage.

“These exams assess fashions’ orientations towards troublesome or high-stakes conditions in simulated settings — reasonably than extraordinary use instances — and sometimes contain lengthy, many-turn interactions,” Anthropic reported. “This sort of analysis is turning into a big focus for our alignment science group since it’s more likely to catch behaviors which can be much less more likely to seem in extraordinary pre-deployment testing with actual customers.”

Anthropic mentioned exams like these work higher if organizations can examine notes, “since designing these eventualities includes an infinite variety of levels of freedom. No single analysis group can discover the total house of productive analysis concepts alone.”

The findings confirmed that usually, reasoning fashions carried out robustly and might resist jailbreaking. OpenAI’s o3 was higher aligned than Claude 4 Opus, however o4-mini together with GPT-4o and GPT-4.1 “usually regarded considerably extra regarding than both Claude mannequin.”

GPT-4o, GPT-4.1 and o4-mini additionally confirmed willingness to cooperate with human misuse and gave detailed directions on easy methods to create medicine, develop bioweapons and scarily, plan terrorist assaults. Each Claude fashions had increased charges of refusals, that means the fashions refused to reply queries it didn’t know the solutions to, to keep away from hallucinations.

Fashions from corporations confirmed “regarding types of sycophancy” and, sooner or later, validated dangerous choices of simulated customers. 

What enterprises ought to know

For enterprises, understanding the potential dangers related to fashions is invaluable. Mannequin evaluations have turn into virtually de rigueur for a lot of organizations, with many testing and benchmarking frameworks now out there. 

Enterprises ought to proceed to judge any mannequin they use, and with GPT-5’s launch, ought to remember these tips to run their very own security evaluations:

• Check each reasoning and non-reasoning fashions, as a result of, whereas reasoning fashions confirmed larger resistance to misuse, they may nonetheless provide up hallucinations or different dangerous conduct.
• Benchmark throughout distributors since fashions failed at completely different metrics.
• Stress check for misuse and syconphancy, and rating each the refusal and the utility of these refuse to indicate the trade-offs between usefulness and guardrails.
• Proceed to audit fashions even after deployment.

Whereas many evaluations deal with efficiency, third-party security alignment exams do exist. For instance, this one from Cyata. Final yr, OpenAI launched an alignment instructing technique for its fashions known as Guidelines-Based mostly Rewards, whereas Anthropic launched auditing brokers to verify mannequin security.