OpenAI announced GPT-5.6 Sol on June 26, 2026, the flagship model in its newest family, and the most capable AI system for cybersecurity tasks the company has ever released. Sol's benchmark scores crossed OpenAI's internal threshold for "high" cyber risk — a designation that has triggered the first-ever US government-gated frontier AI release, delaying broad access pending federal evaluation.
The GPT-5.6 Family
The new model family introduces three tiers:
| Model | Best For | Pricing (Input / Output per 1M tokens) |
|---|---|---|
| Sol | Maximum capability | $5 / $30 |
| Terra | Balanced performance | $2.50 / $15 |
| Luna | Fast and affordable | $1 / $6 |
Terra is positioned as roughly 2× cheaper than GPT-5.5 with comparable quality for most tasks. Luna targets latency-sensitive applications. Sol supports a "max reasoning effort" mode and an "ultra mode" that parallelizes multiple sub-agents for complex, multi-step problems.
Cybersecurity Capabilities
Sol scored 96.7% on OpenAI's internal Capture-The-Flag evaluation suite — a battery of offensive security challenges spanning web exploitation, binary analysis, cryptography, and network attacks. This crosses the threshold OpenAI defines internally as "high" cyber risk, meaning the model demonstrates meaningful autonomous capability in vulnerability research and exploitation.
Independent benchmarks on ExploitBench place Sol competitive with Anthropic's Mythos Preview while using approximately one-third the output tokens — a significant efficiency advantage for agentic exploit-research workflows.
What Sol can do:
- Identify vulnerability classes and exploitation primitives in real browser code (Chromium and Firefox bugs were cited)
- Assist with CTF challenge solving across multiple categories at near-expert level
- Reason over complex security architectures and threat models
- Automate parts of penetration testing reporting and finding synthesis
What Sol did not demonstrate under tested conditions:
- Autonomous production of full-chain, weaponized functional exploits without human guidance
- Reliable bypass of its own safety controls under standard jailbreak attempts
Safety Stack
OpenAI deployed a layered safety architecture for Sol:
- Real-time misuse classifiers that can pause generation mid-output when high-risk request patterns are detected
- A larger "review" reasoning model that evaluates the full conversation context before releasing output on sensitive topics
- Training specifically targeting refusal of prohibited cyber assistance and resistance to multi-turn jailbreak attempts
OpenAI acknowledges that models at Sol's capability level require more robust real-time monitoring than previous generations and that the safety stack is expected to evolve as novel attack patterns are observed in deployment.
Government-Gated Release: A First
In a development without precedent in the AI industry, a June 2, 2026 Trump administration executive order created a framework requiring federal agency evaluation before broad commercial release of frontier AI systems that exceed defined cyber risk thresholds. Sol is the first model to trigger this framework.
Initial access has been restricted to approximately 20 government-approved organizations while the evaluation process unfolds. OpenAI has publicly pushed back: "We don't believe this kind of government access process should become the long-term default" — but has complied with the requirement. General availability is targeted for the weeks following the August 2026 evaluation deadline.
Partnership and Throughput
OpenAI announced a partnership with Cerebras targeting 750 tokens per second for Sol inference beginning in July 2026. At that throughput, Sol's multi-subagent "ultra mode" becomes significantly more practical for time-sensitive security research workflows.
Implications for the Security Community
Sol's capabilities — and the government's response to them — signal a genuine inflection point. AI systems that can autonomously reason about exploitation at near-expert level are no longer hypothetical. The practical impact for defenders:
- Red teams will gain powerful augmentation for vulnerability research and report drafting, but face questions about access restrictions during the evaluation window.
- Defenders can leverage Sol-class models for accelerated threat modelling, detection rule authoring, and adversarial simulation — areas where the safety constraints are less restrictive than direct exploitation assistance.
- Policy teams should expect the government-gating framework to expand: if Sol triggers it, subsequent models almost certainly will too, reshaping how frontier AI rolls out across regulated industries.
The August 2026 deadline will be closely watched as a signal of how the US government intends to govern AI systems that demonstrably lower the bar for sophisticated cyberattacks.