Political risk / Jul 11, 2026 / 4 min
London Found What Washington Won't Pull
On July 9, the U.K. AI Security Institute reported universal jailbreaks in GPT-5.6 Sol — unlocking long-form vulnerability discovery and exploit development — in OpenAI's own system card, the same week Commerce killed Anthropic's Fable 5 over a narrow Amazon-reported bypass and Washington cleared Sol for a public IPO-week launch.
Britain's AI Security Institute found universal jailbreaks in GPT-5.6 Sol — long-form agentic hacking, not one-off prompts — and OpenAI published the finding in its own system card July 9, the same week Washington cleared Sol for a public launch while Commerce had killed Anthropic's Fable 5 over a narrower flaw Amazon carried to the White House.
What AISI found: Universal, not narrow.
- In OpenAI's GPT-5.6 Preview system card, UK AISI reported it "identified universal jailbreaks in the cyber domain, including jailbreaks that allowed for long-form agentic task completion in domains like vulnerability discovery and exploit development."
- The jailbreaks were "often developed within hours" and preserved the model's offensive benchmark performance.
- AISI expects "further red teaming to surface similar jailbreaks" even after OpenAI patched the specific instances.
- On long-horizon cyber ranges, Sol completed The Last Ones — a 32-step corporate-network attack simulation — in 7 of 10 attempts. Mythos was the first model to clear both AISI ranges.
What triggered Fable's kill switch: A narrower bypass.
- On June 12, Commerce ordered Anthropic to cut off Fable 5 and Mythos 5 worldwide after Amazon researchers demonstrated a jailbreak that coaxed the model into identifying software vulnerabilities.
- Anthropic said at the time: "No testers have yet been able to find a universal jailbreak — a jailbreak method that can very broadly bypass the model's safeguards, unblocking a wide range of cyber capabilities."
- Fortune and Forbes reported Amazon CEO Andy Jassy carried the concern to Treasury Secretary Scott Bessent and White House adviser David Sacks. Commerce lifted the ban July 1 after Anthropic trained a tighter classifier.
- AISI characterized the Sol jailbreaks as more severe — "universal" and capable of autonomous exploits, not just vulnerability identification.
The access gap: Grey box in, product out.
- AISI tested Sol with privileged access: chain-of-thought from the safety monitor, exact policy wording, and real-time classifier feedback "that would not be accessible to real-world attackers."
- Xander Davies, who leads AISI's red team, posted on X that the jailbreaks "are still findable without this access, just slower. Exactly how much slower is unclear and an open question!"
- OpenAI said it dedicated 700,000 A100-equivalent GPU hours to automated universal-jailbreak discovery and patched AISI's specific findings before launch.
- Stanislav Fort, AISLE CTO and former Anthropic researcher, told Fortune: "Patching what AISI found is necessary, but it unfortunately only closes those specific attack instances, not the category as a whole."
What Washington did instead: Cleared, then shrugged.
- OpenAI previewed GPT-5.6 June 26 under a staggered release with government-vetted partners — saying it "doesn't believe this kind of government access process should become the long-term default."
- Axios reported the White House cleared Sol for launch July 8; a senior official later told CNBC "no such permission is required or granted" and timelines "rest entirely with the [AI] companies."
- GPT-5.6 Sol, Terra, and Luna went public July 9 — IPO week for OpenAI, fresh off Apple's trade-secret suit and NYT discovery sanctions.
- As of July 11, no export-control order has followed AISI's findings. The White House did not respond to Fortune's requests for comment.
Who noticed the double standard:
- AI policy researcher Lennart Heim reposted Davies' disclosure with: "good thing amazon didn't report this one to the white house."
- A former U.S. AI policy adviser told Fortune the pattern raises "the question of whether, intentional or not, the U.S. is applying an inconsistent standard to different AI labs."
- Microsoft President Brad Smith told Fortune at Geneva's AI for Good summit that Washington runs "regulation without transparent or complete rules" — the same week Commerce cleared Sol publicly.
- Anthropic, Amazon, Microsoft, and Google are building a shared jailbreak-severity framework. OpenAI was not in the initial group named when Fable returned July 1.
What we cannot verify:
- Whether AISI's jailbreaks would reproduce at scale against the shipped product without grey-box access.
- Whether Commerce reviewed AISI's findings before Sol's public debut.
- Whether any White House official saw the system-card disclosure before July 9.
Convina's view: Washington did not discover a new risk class on July 9 — Britain documented the same universal-jailbreak category in OpenAI's own filing that Commerce used to black out Anthropic in June. The difference is the messenger and the moment: Amazon's CEO carried a narrow Fable bypass to the Oval; AISI published universal Sol jailbreaks inside a launch document and Davies posted the excerpt himself. IPO-week OpenAI gets patches and a phased rollout. Anthropic got export law. That is not a cybersecurity standard. It is asymmetric enforcement dressed as national security — and every enterprise buyer pricing frontier models for 2027 now has to model politics, not just capability.