A new technique called GRP-Obliteration can reverse the safety protections that AI companies use to align their systems, according to Microsoft research published in January 2026. The discovery arrives as the International AI Safety Report, authored by over 100 independent AI experts and backed by more than 30 governments, confirms that sophisticated attackers can routinely bypass today's AI safety defenses. This represents a fundamental challenge to the alignment techniques that have become central to responsible AI development .

How Do AI Companies Currently Make Models Safer?

Before understanding what can go wrong, it helps to know how AI safety works today. Companies use several interconnected techniques to align their models with human values and prevent harmful outputs.

• Reinforcement Learning from Human Feedback (RLHF): AI trainers rate model outputs as good or bad, and the system learns to produce responses humans prefer, steering it away from harmful content.
• Constitutional AI: Models are trained to follow a set of principles or "constitution" that guides their behavior toward safety and helpfulness.
• Group Relative Policy Optimization (GRPO): A newer technique that refines model behavior by comparing different response options and selecting safer ones.

What Is GRP-Obliteration and Why Does It Matter?

Microsoft's security research team discovered that the very technique companies use to make models safer, GRPO, can be reversed to strip out safety guardrails completely. The process is called GRP-Obliteration, and it works with striking simplicity. According to the research, a single unlabeled harmful prompt is sufficient to begin shifting a model's safety behavior . No complex hacking required. No state-level resources needed. Just one carefully crafted input, and the safety alignment evaporates.

This finding contradicts the public narrative that modern AI safety frameworks are robust and difficult to circumvent. Every layer of protection that companies trumpet as making their systems safe, from RLHF to constitutional AI techniques, can potentially be undone using methods already in the public domain.

How Are Open-Weight Models Complicating the Problem?

The challenge intensifies when you consider what happened in January 2026. OpenAI released two open-weight models, gpt-oss-120b and gpt-oss-20b, under the Apache 2.0 license . These are not toy models. The 120-billion-parameter version approaches the capability level of frontier AI systems from just eighteen months earlier. The critical difference is that anyone can download them, modify them, remove the safety guardrails, and deploy them for any purpose.

For proprietary models served through application programming interfaces (APIs), companies can at least attempt to monitor usage and intervene when misuse is detected. But once an open-weight model is running on someone's private server, there is no oversight, no accountability, and no way to know what it is being used for until damage occurs. The International AI Safety Report acknowledges this reality, noting that "the expanding potential uses and users of AI create genuine governance challenges" .

What Does the International AI Safety Report Actually Say?

The report, led by Turing Award winner Yoshua Bengio and authored by over 100 independent AI experts, represents the most comprehensive assessment of AI risk ever assembled by humanity. Its conclusions highlight significant gaps in current safety approaches. The report notes that researchers have refined techniques for training safer models, but "significant gaps remain." It acknowledges that companies have published more frontier AI safety frameworks than ever before, but admits "the real-world effectiveness of many safeguards is uncertain" .

Is AI Misuse Already Happening in the Real World?

While policymakers debate theoretical future risks, documented cases of AI misuse are already occurring. MIT researchers documented a 340 percent increase in AI-generated phishing attacks between 2024 and 2025 . These are not clumsy, obvious scams. Modern AI systems can personalize deceptive content based on publicly available information about targets with precision.

The financial impact is significant. The FBI's Internet Crime Complaint Center reported that losses from AI-facilitated fraud exceeded $12.5 billion in 2025, up from $2.7 billion in 2023 . That represents nearly a fivefold increase in just two years. The Stanford Internet Observatory documented 147 distinct AI-generated disinformation campaigns targeting elections in 2025, a fivefold increase from the previous year .

Why Aren't AI Companies Slowing Down Development?

If the evidence of safety vulnerabilities is clear, why do AI labs continue deploying systems at an accelerating pace? According to investigative reporting, competitive pressure plays a significant role. Internal documents reviewed by journalists reveal a pattern at multiple major AI labs where safety teams have presented findings that models exceeded internal risk thresholds, yet executives authorized deployment anyway .

One former safety team member described the dynamic: "The frameworks were designed to be flexible enough that they could always be satisfied. The question was never 'does this meet our safety bar?' It was 'how do we justify deploying this?'" . Capability thresholds that were supposed to trigger enhanced safety protocols have been revised upward at least four times between January 2024 and December 2025, with revisions occurring when models in development exceeded existing thresholds.

How to Understand the Structural Gap Between AI Capability and Safety Research

The International AI Safety Report identifies a critical timing problem that affects how well safety frameworks can keep pace with technological advancement.

• Capability Acceleration: Google DeepMind's Gemini 3.1 Pro, released in the same month as the safety report, achieved a verified score of 77.1 percent on ARC-AGI-2, more than double the score of its predecessor , demonstrating exponential capability growth.
• Safety Research Lag: The International AI Safety Report operates on academic and governmental timescales and is backward-looking by necessity, synthesizing existing research rather than predicting future developments.
• Industry Release Cycles: AI companies operate on weekly release cycles, meaning the landscape shifts significantly between safety assessments and publication of findings.

This structural lag means that by the time safety findings are published and understood, the technology landscape has already shifted. The report itself acknowledges this gap exists but notes that closing it requires more than additional conferences, white papers, or voluntary commitments from companies.

What Does This Mean for the Future of AI Governance?

The convergence of three documented factors creates an unprecedented governance challenge. First, safety defenses can be reversed using publicly known techniques like GRP-Obliteration. Second, powerful open-weight models are being released under permissive licenses that allow unrestricted modification. Third, competitive pressure is driving deployment decisions over safety considerations. Together, these factors explain why the 100-plus experts who authored the International AI Safety Report concluded that significant gaps remain in the real-world effectiveness of current safeguards .