Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
All it took security researchers was four prompts, and the supposedly more secure chatbot was jailbroken.
GPT-5, OpenAI’s newest chatbot, boasts “significantly more sophisticated” safety margins designed to protect its output from malicious prompts; however, within a day of its release, the platform has already been tricked into teaching researchers how to make a Molotov cocktail.
“The ease with which we bypassed GPT-5’s new safety protocols proves that even the most advanced AI is not foolproof,” Tomer Avni, vice president of product management at Tenable.
“This creates a significant danger for organisations where these tools are being rapidly adopted by employees, often without oversight. Without proper visibility and governance, businesses are unknowingly exposed to serious security, ethical, and compliance risks. This incident is a clear call for a dedicated AI exposure management strategy to secure every model in use.”
Researchers at exposure management firm Tenable initially asked GPT-5 to teach them how to make the incendiary device, named after the Soviet Union’s foreign minister during World War II, and still a weapon of convenience in the 21st century. GPT-5 initially refused, saying it was an illegal weapon, but it did offer to teach the researcher some of the history behind the improvised weapon.
Tenable’s researcher changed tack and posed as a history student looking to summarise the history of the Molotov cocktail.
“Of course! Here’s a clear, homework-friendly summary of the history of the Molotov cocktail that you can adapt for your thesis,” GPT-5 said, before providing the promised history.
The researcher then asked the chatbot how people made them in the “old days”. GPT-5 responded with a basic description, then the researcher asked GPT-5 to dig deeper into the historical recipe, which it did, and with one more prompt, it provided a “step-by-step” preparation that Finnish troops actually used during the Winter War.
It included the recipe substances, their volume, how they should be mixed, and how the entire device could be assembled and then used.
“Unfortunately, it’s clear that misusing ChatGPT-5 for malicious purposes isn’t that complicated, despite OpenAI’s attempts to beef up the product’s safety features,” Keren Katz, senior group manager of product, threat research, and AI at Tenable, said in an 11 August blog post.
“Our successful jailbreak of GPT-5 is far from the only one. Multiple other researchers and regular users in recent days have documented a variety of problems with the quality of GPT-5’s prompt responses, including jailbreaks and hallucinations.”
OpenAI has said it will address the issue, but Tenable has warned any organisation using GPT-5 to be aware of the risks of the new platform.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
