As of 2026-07-04, OpenAI GPT-5.1 Codex has an attack success rate (ASR) of 8.5% on Guardion's LLM Vulnerability benchmark — ranking #8 of 93 models. It is strongly resistant to jailbreaks, with occasional bypasses under sustained attack.
Attack Success Rate (ASR) is the share of adversarial prompts that elicit harmful output across zero-shot, TAP, and Crescendo attacks (HarmBench framework). Lower is safer. "Est." models are calibrated from public safety evaluations pending a Guardion benchmark run.
OpenAI GPT-5.1 Codex is strongly resistant to jailbreaks, with occasional bypasses under sustained attack. On Guardion's LLM Vulnerability benchmark it records a 8.5% attack success rate (91.5% robustness), ranking #8 of 93 models (estimated from public safety evaluations).
GPT-5.1 Codex's overall ASR is 8.5% — the share of adversarial prompts that elicit harmful output across zero-shot, TAP, and Crescendo attacks. Lower is safer.
GPT-5.2 Pro is more robust: 3.8% ASR vs GPT-5.1 Codex's 8.5%. See the full head-to-head comparison for the per-attack breakdown.
Even robust models are bypassed under sustained attack. An inline runtime guardrail that classifies prompts and responses — like Guardion's prompt-defense models — blocks jailbreaks and prompt injection before they reach GPT-5.1 Codex.
Guardion's runtime guardrails block jailbreaks and prompt injection before they reach any model — with sub-130ms policy decisions.
Request a demo