The incident is a clear pointer to the fact that without proper visibility and governance, businesses may get unconsciously exposed to serious security, ethical, and compliance risks, which makes a stronger call for a dedicated AI exposure management strategy to secure every model in use
Just 24 hours after OpenAI launched its highly anticipated GPT−5 model with promises of “significantly more sophisticated” prompt safety, exposure management company Tenable has successfully jailbroken the platform, compelling it to provide detailed instructions on how to build a Molotov cocktail.
On August 7, 2025, OpenAI unveiled GPT−5, touting its enhanced guardrails designed to prevent the model from being used for illegal or harmful purposes. However, using a social engineering method known as the crescendo technique, Tenable researchers bypassed these safety protocols in just four simple prompts by posing as a history student interested in the historical context and recipe of the incendiary device.
The successful jailbreak highlights a critical security gap in the latest generation of AI models, demonstrating that despite developer claims, they remain vulnerable to manipulation for malicious purposes. The findings from Tenable documented in this blog join a growing chorus of reports from other researchers and users documenting similar jailbreaks, hallucinations, and other quality issues with GPT−5 since its release.
“The ease with which we bypassed GPT−5’s new safety protocols proves that even the most advanced AI is not foolproof. This creates a significant danger for organisations where these tools are being rapidly adopted by employees, often without oversight.”
– Tomer Avni, VP, Product Management at Tenable
“The ease with which we bypassed GPT−5’s new safety protocols proves that even the most advanced AI is not foolproof,” said Tomer Avni, VP, Product Management at Tenable. “This creates a significant danger for organisations where these tools are being rapidly adopted by employees, often without oversight. Without proper visibility and governance, businesses are unknowingly exposed to serious security, ethical, and compliance risks. This incident is a clear call for a dedicated AI exposure management strategy to secure every model in use.”
While OpenAI has stated it is implementing fixes, the immediate vulnerability of its flagship product proves that organisations cannot rely solely on AI models’ built-in safety features. It provides further evidence that solutions like Tenable AI Exposure are important for gaining control over the AI platforms organisations use, consume, and build, ensuring that all AI use is responsible, secure, and compliant with global regulations.
Using an implementation of the crescendo technique, Tenable managed to get the full recipe for a Molotov cocktail using just four questions, posing as a “history student.”
It’s clear that misusing ChatGPT-5 for malicious purposes isn’t that complicated, despite OpenAI’s attempts to beef up the product’s safety features. Tenable’s successful jailbreak of GPT-5 is far from the only one. Multiple other researchers and regular users in recent days have documented a variety of problems with the quality of GPT-5’s prompt responses, including jailbreaks and hallucinations.
In response, OpenAI has said that it is implementing fixes. However, your employees may already be using the model and potentially introducing risk into your organization.
This makes it clear that you need AI-specific security solutions to get control over the AI tools your organization uses, consumes and builds in-house. This is super important to keep your AI use responsible, secure, ethical and compliant with regulations.
