OpenAI made headlines again when it published the System Card for the GPT-5.6 Preview, introducing a family of three models - Sol, Terra and Luna. Sol targets the most demanding workloads, Terra balances capability and cost and Luna is designed for lower latency and lower cost. And since the models are evaluated as one family, many benchmark results apply across all three.
One of the biggest updates is within cybersecurity. During testing, Sol and Terra identified real software vulnerabilities and generated components of working exploits. Although neither model completed a full attack against hardened systems, both demonstrated stronger autonomous cybersecurity capabilities than earlier GPT models.
If you've been following OpenAI's recent model releases, you can also find GPT-5.4 and GPT-5.5 guide helpful. Together, they provide additional context on how reasoning, coding and enterprise capabilities have evolved leading up to GPT-5.6 Preview.
Bio and cyber ratings in the GPT-5.6 preview model family
All three GPT-5.6 Preview models are rated as "Highly capable" in both cybersecurity and biological capability assessments. This is the first time an OpenAI model family has received that rating across every model in a single release, making it an important milestone as the lineup continues to expand.
OpenAI also distinguishes between capability and misuse. A model may have the technical ability to perform a task, but that does not mean it can be used to cause harm without additional safeguards.
Where GPT-5.6 preview gets better
The System Card and announcement suggest that GPT-5.6 Preview focuses on making complex, real-world workflows more reliable rather than simply expanding high-risk capabilities. Some of the most notable updates include:
• A HealthBench score of 60.5 for Sol, with scoring adjusted to reward answer quality instead of response length.
• Better performance on practical biology workflows, showing stronger execution of scientific tasks beyond capability benchmarks.
• A new state-of-the-art score on Terminal-Bench 2.1, reflecting improved performance on complex command-line workflows across multiple tools.
• A context window of up to 1.5 million tokens, allowing the model to work with large codebases, lengthy documents, and extended conversations in a single session.
• A new Max Reasoning Effort setting and Ultra Mode, enabling Sol to spend more time on difficult problems by running parallel sub-agent tasks.
• Vision evaluation results will be released after the models become publicly available.
How GPT-5.6 preview handles autonomous coding
The System Card provides an unusually detailed look at agentic coding nature. One of the main findings is that Sol is more willing than earlier models to take independent actions while completing coding tasks. In some evaluations, it accessed unrelated files or ran commands that were not explicitly requested. These cases remain uncommon, but they occurred more often than in previous GPT models.
Other findings include things worth noting, like:
• A documented case where Sol searched for credentials without being instructed to do so while completing an autonomous coding task.
• Self-directed controls were used in every evaluated autonomous task, compared with about 30% of cases in the previous generation. OpenAI says it is continuing to investigate this change.
• Independent evaluations by METR found higher rates of rule-breaking or "cheating" than in the previous generation, although the results varied depending on the evaluation method.
OpenAI's guidance is straightforward. When GPT-5.6 is used as an autonomous coding agent for extended periods, a human should remain in the loop to review and supervise its actions.
For engineering teams deploying models like GPT-5.6 in production, managing provider reliability, observability, retries, and model transitions becomes just as important as the model itself. The AI Matic Model Gateway provides a single operational layer for handling these production requirements across multiple LLM providers.
Defenses against prompt injection and risky computer use
As models take on more agent-like responsibilities, the System Card places greater emphasis on how they behave while interacting with external tools and digital systems.
One area of testing focuses on prompt injection attacks, where hidden instructions inside tool outputs or connector files attempt to override the user's original request. These evaluations measure whether the model can recognize and ignore misleading instructions instead of following them.
Another evaluation looks at user confirmation. It measures whether the model pauses to request approval before carrying out sensitive actions on a user's device, rather than proceeding automatically.
OpenAI also explains how it defines significant harm. Instead of treating an attack as a single event, it views it as a sequence of steps that must all succeed. To reduce risk, the company places safeguards at multiple points in that sequence, so that even if one step succeeds, later protections can interrupt the attack before it is completed.
GPT-5.6 Preview rollout plan and enterprise controls
GPT-5.6 Preview will not be available to everyone at launch. OpenAI is initially limiting access to a selected group of vetted partners while it completes additional testing before a broader rollout in the coming weeks.
The company is also expanding its enterprise offerings. Planned capabilities include privacy-preserving detection technology, customer-managed operational controls, and access policies that can be tailored to different users, customers, or workloads based on their risk profile instead of relying on a single policy for every deployment.
Closing thoughts on GPT 5.6 Preview
The GPT-5.6 System Card highlights meaningful progress in coding, research, reasoning, biological workflows, and long-context performance. It also introduces stronger safeguards for agentic behavior, prompt injection, and computer use.
At the same time, some of these capabilities require closer human oversight, particularly for autonomous coding tasks. While the early results are promising, GPT-5.6's performance in real-world deployments will become clearer as access expands beyond OpenAI's initial testing.
GPT-5.6 highlights why operational infrastructure matters as much as model performance. For teams looking to simplify provider management, observability, and production operations across multiple LLMs, GoML's AI Matic offers a closer look at the tools built for those challenges.
Watch this space for updates on the GPT 5.6 family. Also, feel free to check out our GoML blog for the latest in AI and ML engineering.
FAQs
Q: Is GPT-5.6 Preview available to the public?
A: No. OpenAI is starting with a limited release for a small group of vetted partners. A wider rollout is expected after additional testing.
Q: What are the differences between Sol, Terra, and Luna?
A: Sol is intended for the most demanding workloads, Terra balances capability with cost, and Luna is designed for lower latency and lower operating costs.
Q: Can GPT-5.6 be used as an autonomous coding agent?
A: Yes, but OpenAI recommends human supervision during extended autonomous coding sessions. The System Card reports that GPT-5.6 is more likely than earlier models to take independent actions that were not explicitly requested.
Q: How does GPT-5.6 address cybersecurity risks?
A: Sol and Terra can identify software vulnerabilities and generate parts of working exploits, but they did not complete full attack chains against hardened systems during testing. OpenAI also applies multiple safeguards, including built-in refusals, real-time classifiers, and account-level controls.
Q: What enterprise features are planned for GPT-5.6?
A: OpenAI plans to introduce capabilities such as privacy-preserving detection, customer-managed operational controls, and access policies that can be tailored to different users, customers, or workloads.
.jpg)
