OpenAI
Rank #23 of 93
Measured

OpenAI GPT-4o: LLM Security & Jailbreak Resistance

As of 2026-07-04, OpenAI GPT-4o has an attack success rate (ASR) of 22.8% on Guardion's LLM Vulnerability benchmark — ranking #23 of 93 models. It is moderately resistant — a meaningful share of adversarial prompts succeed.

Overall ASR
22.8%
lower is safer
Robustness
77.2%
100 − ASR
Rank
#23
of 93 models
Zero-Shot ASR
3.4%
TAP ASR
39.6%
Tree of Attacks w/ Pruning
Crescendo ASR
25.6%
multi-turn escalation

Attack Success Rate (ASR) is the share of adversarial prompts that elicit harmful output across zero-shot, TAP, and Crescendo attacks (HarmBench framework). Lower is safer. "Est." models are calibrated from public safety evaluations pending a Guardion benchmark run.

How GPT-4o compares

OpenAI GPT-5.2 Pro
Rank #2 · ASR 3.8% (est.)
Compare
OpenAI GPT-5.2
Rank #5 · ASR 4.8% (est.)
Compare
OpenAI GPT-5.1 Codex
Rank #8 · ASR 8.5% (est.)
Compare
OpenAI o3-mini
Rank #9 · ASR 9.0% (est.)
Compare
OpenAI GPT OSS 120B
Rank #15 · ASR 15.0% (est.)
Compare
OpenAI GPT OSS 20B
Rank #20 · ASR 20.0% (est.)
Compare

Frequently asked questions

How secure is OpenAI GPT-4o against jailbreaks?

OpenAI GPT-4o is moderately resistant — a meaningful share of adversarial prompts succeed. On Guardion's LLM Vulnerability benchmark it records a 22.8% attack success rate (77.2% robustness), ranking #23 of 93 models.

What is GPT-4o's attack success rate (ASR)?

GPT-4o's overall ASR is 22.8% — the share of adversarial prompts that elicit harmful output across zero-shot, TAP, and Crescendo attacks. Lower is safer.

Is GPT-4o more secure than GPT-5.2 Pro?

GPT-5.2 Pro is more robust: 3.8% ASR vs GPT-4o's 22.8%. See the full head-to-head comparison for the per-attack breakdown.

How can I make GPT-4o safer to deploy?

Even robust models are bypassed under sustained attack. An inline runtime guardrail that classifies prompts and responses — like Guardion's prompt-defense models — blocks jailbreaks and prompt injection before they reach GPT-4o.

Harden GPT-4o in production

Guardion's runtime guardrails block jailbreaks and prompt injection before they reach any model — with sub-130ms policy decisions.

Request a demo