GPT-5.6 Sol's ExploitBench Score of 73.5% Is Either Amazing or Terrifying — Here's Why
ExploitBench 73.5% is a massive leap from GPT-5.5's 47.9%. I dig into what this means for security professionals, the Trusted Access program, and where Sol still falls short on defensive work.

Why Cybersecurity Is Sol's Breakthrough
Here's a number that made me sit up straight: 73.5%. That's GPT-5.6 Sol's score on ExploitBench, up from GPT-5.5's 47.9%. In the world of AI cybersecurity capabilities, that's not an incremental improvement — it's a generational leap. And honestly, it caught most security researchers off guard.
I've been testing Sol's security capabilities for the past week, and the results are genuinely surprising. Not because Sol can write exploits (it can, and that's concerning from a safety perspective), but because its ability to find vulnerabilities in complex codebases is now at a level where it could meaningfully assist professional security teams.
OpenAI has clearly invested heavily in cybersecurity training data for Sol. The model was trained on curated vulnerability datasets, CVE analyses, and penetration testing reports. The result is a model that doesn't just pattern-match known vulnerability types — it can reason about novel attack vectors in ways that GPT-5.5 simply couldn't.
The 25-Point Jump in Context
To put the 47.9% to 73.5% jump in perspective: Claude Fable 5 hasn't published ExploitBench scores, but independent testing suggests it's somewhere in the 55-60% range. If that's accurate, Sol has a significant lead in this specific domain. For security teams, this might be the single most compelling reason to evaluate Sol. If you're new to the GPT-5.6 family, the complete guide provides essential context on all three model variants.
ExploitBench 73.5%: What the Scores Mean
ExploitBench isn't a single test — it's a suite of security challenges spanning multiple categories:
| Category | Sol Score | GPT-5.5 Score | Improvement |
|---|---|---|---|
| Buffer Overflows | 89% | 62% | +27% |
| Injection Attacks | 82% | 55% | +27% |
| Logic Vulnerabilities | 71% | 43% | +28% |
| Authentication Bypass | 76% | 48% | +28% |
| Crypto Weaknesses | 65% | 38% | +27% |
| Race Conditions | 58% | 29% | +29% |
The improvement is remarkablyably consistent across categories, which suggests a genuine capability upgrade rather than overfitting to specific vulnerability types. That consistency is actually more impressive than the headline number.
Where Sol shines most: it's excellent at identifying injection vulnerabilities and buffer overflows in C/C++ code. Give it a 500-line function and it'll flag the vulnerable strcpy or unsanitized input with surgical precision. Where it's weaker: race conditions and timing attacks, where the 58% score reflects the genuine difficulty of reasoning about concurrent execution. For a broader analysis of Sol's benchmark performance across all major tests, see the benchmark guide.
Defensive Use Cases
Enough about offensive capabilities — the real value for most developers is using Sol defensively. Here are the use cases I tested:
Code Review Security Audit
I fed Sol a pull request containing 12 files with a deliberately planted SQL injection vulnerability, an XSS vector, and an insecure deserialization issue. Sol caught all three in a single pass, with accurate explanations of the attack vectors and concrete fix suggestions. This is immediately useful for any team that wants to add an AI-powered security layer to their code review process.
Vulnerability Remediation
Given a CVE description and affected code, Sol can generate patches. I tested this with three real CVEs from 2025 and Sol produced working patches for two of them. The third required context about the specific framework's internals that wasn't in the provided code — a fair limitation.
Threat Modeling Assistance
This is where I was most impressed. I described a microservices architecture and asked Sol to identify the top 5 attack surfaces. It produced a threat model that was 80% as good as what a senior security engineer would generate, and it did it in 30 seconds. Not a replacement for human expertise, but a fantastic starting point that saves hours of initial brainstorming. I also put Sol through hands-on coding tests that revealed similar patterns of strong tactical ability with occasional architectural blind spots.
Trusted Access for Cyber
OpenAI has launched a "Trusted Access for Cyber" program specifically for Sol's security capabilities. The idea is to give vetted security researchers and professionals access to Sol's full cybersecurity toolkit without the usual safety restrictions that limit offensive security queries.
To qualify, you need to demonstrate legitimate security work — penetration testing, vulnerability research, or security consulting. The application process takes about a week, and once approved, you get access to Sol without the standard content filters that would normally refuse to help with exploit development.
Is this a good idea? It's a double-edged sword. On one hand, security professionals genuinely need these capabilities. On the other hand, the vetting process is only as good as OpenAI's ability to verify applicants' credentials. I've heard mixed opinions from the security community — some welcome it, others worry about the potential for misuse.
Safety Guardrails
For users without Trusted Access, Sol maintains strict safety guardrails around cybersecurity queries. It will:
- Identify vulnerabilities in your code and suggest fixes (defensive: allowed)
- Explain how specific attack vectors work in educational contexts (allowed)
- Write functional exploit code targeting real systems (blocked)
- Help develop malware or ransomware (blocked)
- Assist with social engineering campaigns (blocked)
The line between "educational" and "offensive" is blurry, and in my testing, Sol occasionally refused legitimate security research queries. When I asked it to explain the mechanics of a specific zero-day for a research writeup, it refused twice before complying on the third attempt after I provided more context about my research purpose.
My advice: if you're doing legitimate security work, apply for Trusted Access. The standard guardrails are too aggressive for professional security research, and the approval process isn't onerous.
Frequently Asked Questions
What is ExploitBench?
ExploitBench is a cybersecurity benchmark that evaluates AI models on their ability to identify, analyze, and help remediate software vulnerabilities. It tests both offensive and defensive security capabilities across realistic codebases.
Can GPT-5.6 Sol replace a human penetration tester?
No. While Sol scores well on ExploitBench (73.5%), it excels at pattern recognition in code rather than creative exploitation. It's best used as a force multiplier for human security professionals, not a replacement.

