GPT-5.6 Sol Restricted: OpenAI Pauses Launch for Federal Review

TL;DR

• OpenAI's GPT-5.6 Sol model is restricted to roughly 20 customers approved by the Trump administration while a federal cybersecurity review runs its course.
• President Trump signed an executive order on June 2, 2026 creating a voluntary framework for up to a 30-day government review of advanced AI models before public release.
• The restriction request came jointly from the Office of the National Cyber Director and the Office of Science and Technology Policy, with Commerce Secretary Howard Lutnick also urging OpenAI to hold the launch.
• OpenAI's own safety assessment found Sol does not cross the company's internal risk threshold, but flagged unforeseen risks if Sol is combined with other tools.
• Stanford expert Alex Stamos found no novel risks in a comparable review of Anthropic's models, saying "pretty much nobody in the cybersecurity industry believes that there's any factual basis for this action."

What Happened With GPT-5.6 Sol?

GPT-5.6 Sol is now restricted to a small circle of vetted commercial partners while a White House-directed cybersecurity review proceeds. Only around 20 customers have been approved so far. The hold is not a ban - it is a voluntary pause shaped by direct federal pressure. OpenAI has not publicly set a timeline for wider availability, and the situation remains fluid as agencies work through their assessment criteria under the new executive order framework.

We tracked this story from the moment the restriction surfaced in federal reporting, and the speed of the coordinated ask - multiple agencies moving in parallel - stood out immediately as atypical for a commercial software launch.

Who Asked OpenAI to Hold the Launch?

The request did not come from a single agency. The Office of the National Cyber Director and the Office of Science and Technology Policy jointly pushed for the delay, with Commerce Secretary Howard Lutnick separately advising OpenAI to wait for cross-agency sign-off before any broader rollout. That kind of coordinated pressure from multiple arms of the executive branch is unusual for a commercial AI product. According to AI Weekly, GPT-5.6 Sol's launch marks the first documented case of the White House directly restricting a commercial AI release on national security grounds.

For comparison, consider how federal agencies have responded to software vulnerabilities - our coverage of CVE-2026-20253: Critical Splunk RCE Actively Exploited shows agencies moving fast when they perceive systemic risk, a pattern that now extends to AI model releases.

What Legal Authority Is Behind This Review?

President Trump signed an executive order titled "Promoting Advanced Artificial Intelligence Innovation and Security" on June 2, 2026, establishing a voluntary framework for federal agencies to review advanced AI models for up to 30 days before public release. The White House published the full order text on the same date.

The order directs DHS, Treasury, the Office of the National Cyber Director, and NIST to jointly define within 60 days what constitutes a "covered frontier model" warranting government pre-review - with the NSA director making final capability threshold determinations, according to Cybersecurity Dive. No statute currently compels an AI company to comply. OpenAI's participation is a business and political calculation, not a legal obligation.

Is GPT-5.6 Sol Actually Dangerous?

OpenAI says no - at least not by its own measures. The company's internal review found Sol is better at helping people find and fix vulnerabilities than at enabling cyberattacks, and it does not meet the threshold that would trigger the company's own safety blocks.

That said, OpenAI flagged one real concern: unforeseen risks could emerge if Sol is paired with other external tools, a scenario its internal testing may not fully capture. That gave federal agencies room to argue caution was warranted. The distinction between what a model does alone versus what it enables in combination is now a central fault line in AI safety policy.

For context on how AI-accelerated vulnerability discovery compounds existing risks: a 2025 report cited by the Centre for Emerging Technology and Security (Turing Institute) found that over 45% of discovered security vulnerabilities in large organisations remain unpatched after 12 months. AI tools that surface new flaws faster than remediation teams can act are a documented concern, not a hypothetical one.

How Does This Compare to the Anthropic Situation?

The Sol restriction looks moderate when you put it next to what happened to Anthropic. On June 12, 2026 - weeks before the OpenAI news broke - the Trump administration ordered Anthropic to take its Fable 5 and Mythos 5 models entirely offline to prevent access by foreign nationals. That was a harder intervention: a forced takedown versus a restricted rollout.

The UK AI Security Institute independently evaluated Anthropic's Claude Mythos Preview and found it could execute multi-stage attacks on vulnerable networks autonomously - tasks that would take human professionals days - and it is the first model to complete a 32-step corporate network takeover simulation end-to-end, according to UK AI Security Institute (AISI). On expert-level cybersecurity tasks that no AI could complete before April 2025, Claude Mythos Preview now succeeds 73% of the time.

Claude Mythos Preview also fully autonomously identified and exploited a 17-year-old remote code execution vulnerability in FreeBSD - CVE-2026-4747 - granting complete root access from an unauthenticated network position, with no human involved in either discovery or exploitation, per Anthropic's own red team report.

For background on how AI-assisted attacks have evolved alongside traditional threat actor tooling, see our coverage of STOCKSTAY Backdoor: Turla Targets Ukraine with .NET Espionage Tool.

Here is a side-by-side breakdown of the two restriction events:

Stanford cybersecurity expert Alex Stamos, reviewing Amazon's analysis of Anthropic's Fable model, concluded he found no risks not already present in publicly available models - including Chinese-made ones. His assessment, reported by the Washington Post (AP), challenges the premise that these emergency reviews are grounded in technical evidence. That tension - between measurable capability jumps and disputed real-world uplift - is the core policy dispute here.

Our earlier analysis of Claude Cowork Mobile Testing: What Paid Users Need to Know touched on Anthropic's expanding commercial footprint; the Fable and Mythos restrictions represent a sharp reversal of that momentum.

OpenAI's Pre-Release Red-Teaming: What the Numbers Show

OpenAI did not skip internal safety work before the federal review began. According to AI Weekly, the pre-release automated red-teaming for the GPT-5.6 family consumed roughly 700,000 A100e GPU hours and identified systemic "universal jailbreaks" across all three GPT-5.6 models. All three carry a "High" risk classification for both cybersecurity and biological/chemical capabilities.

That OpenAI still concluded Sol does not meet its internal safety-block threshold tells you something important about how the company calibrates risk - and why external reviewers at the federal level are not simply deferring to those internal conclusions.

What Should Your Organization Do Now?

If your team planned to integrate GPT-5.6 Sol into security tooling or workflows, treat the review window as active planning time rather than passive waiting.

• Audit your current AI vendor agreements - check whether contracts include clauses for regulatory delays or force majeure that could affect SLAs.
• Do not build production pipelines assuming Sol availability - use stable, generally available models as your baseline and treat Sol access as a conditional dependency.
• Track your approval status actively - if your organization may qualify as a trusted partner, contact your OpenAI account representative and request documentation of the vetting process. Log all communications with reference IDs in your vendor-review-log.
• Apply the combination-risk principle internally - OpenAI's own warning about Sol paired with third-party tools is a prompt to audit any AI pipeline where multiple models or plugins interact; review tool_use permissions and output chaining in existing deployments.
• Monitor the 30-day review window - the executive order caps federal review at 30 days, so mark calendar checkpoints and watch for release announcements from authoritative sources.
• Assess Anthropic alternatives carefully - Fable 5 and Mythos 5 were pulled offline; do not assume competing frontier models are freely available substitutes without checking their own regulatory status.

Security teams running mixed AI and traditional toolchains should also re-examine access broker exposure - our breakdown of the Mistic Backdoor: KongTuke Access Broker Fuels Ransomware shows how pipeline integrations create lateral risk that policy reviews do not cover.

Frequently Asked Questions

Is OpenAI legally required to comply with this review?

No. The Trump executive order framework is described as voluntary. OpenAI chose to limit Sol's availability in response to direct requests from senior federal officials, not because a statute compelled it. That distinction matters for understanding how the policy could evolve and how other AI developers might respond differently.

Who counts as a Trump-approved customer for GPT-5.6 Sol access?

Details are sparse. Reporting confirms roughly 20 partners have received access so far, but the criteria and process for approval have not been made fully public. The vetting appears to flow through the Office of the National Cyber Director and the Office of Science and Technology Policy, with Commerce Department involvement.

Does this mean GPT-5.6 Sol is considered a cyberweapon?

No - and OpenAI explicitly disputes that framing. The company's own analysis found Sol is more useful for defensive security work, such as finding and fixing vulnerabilities, than for offensive operations. The concern is not what Sol does alone but what it might enable when combined with other tools.

How long could the GPT-5.6 Sol restriction last?

The executive order allows up to 30 days for federal review. Whether OpenAI would extend the voluntary hold beyond that window under political pressure is unknown. The Anthropic situation - where models were pulled offline entirely - shows the range of outcomes is wider than a simple 30-day pause.

How does federal AI review differ from standard software export controls?

Traditional export controls target hardware and code transfers across borders. This framework targets model capability thresholds, assessed domestically before public release. The NSA director holds final authority on what counts as a "covered frontier model" under the June 2026 executive order - a significant expansion of national security review into commercial software territory.