The fact: OpenAI has built GPT-Red, a specialized language model designed to find vulnerabilities in its own systems. It is not a human red team: it is an LLM trained to think like an attacker, capable of generating exploits and autonomously testing the defenses of other models. The news arrived in mid-2026, as Europe's AI regulation is still finding its footing despite the AI Act being in force.
Why it matters: Until now, model safety relied on human penetration testing teams — slow and costly. GPT-Red promises to accelerate the process by hundreds of times. But the real question is: who will watch the watcher? If a single private company — OpenAI, even if structured as a non-profit cap — owns the world's only AI super-hacker, who guarantees it won't be used offensively? For Italian SMEs and anyone handling sensitive data, the risk is twofold: rushing to implement complex AI models without understanding vulnerabilities, and dependence on non-American Big Tech for safety certification. Europe has no public or sovereign alternative to GPT-Red. We are consumers of security, not producers.
Sponsored Protocol
We, at Meteora Web, take a clear stance: security cannot be outsourced to a private monopoly.
Our position is straightforward: OpenAI's strategy is smart — using AI to defend AI — but dangerous if centralized. We work daily with Italian SMEs running e-commerce, customer data, electronic invoicing. We see how fragile average digital security is in Italy: weak passwords, no backups, outdated plugins. If even a fraction of GPT-Red were used offensively (by a malicious actor or by mistake), the damage would be enormous. The political point is this: Europe must invest in public AI safety, not accept rules set by those who own the super-hackers. Otherwise, the future will be: whoever has GPT-Red decides what is safe, whoever doesn't — most of our businesses — pays.
Sponsored Protocol
What to do: If you are a developer or digital entrepreneur in Italy, don't wait for top-down certifications. Start auditing your systems today: known vulnerabilities, updates, backups. And ask your European representatives why there is no public EU AI red-teaming program. Security is not an option — it’s a cost you have already paid, even if you don't know it.