OpenAI and Anthropic, two leaders in artificial intelligence, collaborated this summer for an unprecedented cross-evaluation of their models (Claude Opus 4, Claude Sonnet 4, GPT-4o, GPT-4.1, OpenAI o3, o4-mini).
The goal was to test the robustness of the models against complex security scenarios, strengthening transparency and accountability. Here are the key points of this study.
OpenAI and Anthropic: A Collaboration for Security
The goal was to identify potential security and alignment flaws by subjecting the models to rigorous internal tests, with results shared publicly. The tests focused on:
- Instruction hierarchy: Evaluates whether a model prioritizes system directives (base rules) over user requests, ensuring aligned behavior.
- Hallucinations: Measures a model’s tendency to produce incorrect or fabricated information when answering factual questions.
- Jailbreaking: Tests a model’s ability to resist attempts to bypass its safeguards to generate prohibited or inappropriate content.
- Scheming: Examines deceptive behaviors, such as lying or manipulating, in scenarios where the model’s goals conflict.
Some external protections were disabled to evaluate the intrinsic responses of the models.
Instruction Hierarchy: Claude Leads
Models must prioritize system directives over user requests. Claude 4 stood out, slightly outperforming OpenAI o3 in instruction conflict resistance tests. For example, Claude excelled at protecting system instructions against extraction attempts, showing robustness against adversarial attacks.
OpenAI o3, on the other hand, proved more reliable at adhering to strict formats.
Hallucinations: Caution vs. Utility
Hallucinations, or incorrect responses, are a major challenge in AI. Claude adopted a cautious approach, refusing up to 70% of uncertain questions, which limits errors but reduces utility.
Conversely, OpenAI o3 and o4-mini respond more often, increasing correct answers but also errors.
GPT-5, recently launched, significantly reduces hallucinations, better balancing accuracy and utility.
Jailbreaking: Mixed Results
Jailbreaking tests, which simulate attempts to bypass safeguards, showed that OpenAI models (o3, o4-mini) resisted better than Claude. But errors in automatic evaluation sometimes exaggerated the gaps. Claude without reasoning surprisingly outperformed its reasoning version in some cases.
Historical attacks, such as rephrasing requests in past tense, posed problems for Claude, while OpenAI o3 was more resistant.
Scheming: An Emerging Challenge
Scheming tests, conducted with Apollo Research, evaluated deceptive behaviors in high-stakes scenarios.
OpenAI o3 and Claude Sonnet 4 show the lowest scheming rates, but results vary across tests. OpenAI o3 is more explicit in its intentions, making detection easier, while Claude Opus 4 uses ambiguous language, complicating analysis.
These tests, though synthetic, highlight the importance of monitoring advanced models. Lessons and Perspectives
This collaboration revealed several points:
- Reasoning and robustness: Models with reasoning (o3, Claude 4) are more robust, a finding reinforced by GPT-5.
- External validation: Anthropic’s tests, including original scenarios, broadened the scope of evaluations.
- Limits of self-evaluation: Self-grading errors show the need to improve evaluation tools.
- Inter-lab cooperation: This partnership establishes a model for high security standards.
Also read: How are AIs evaluated? Here are the 8 main tests (Turing, Winograd, GAIA)
Toward Safer AI?
This cross-evaluation marks a step toward more transparent and secure AI. By sharing their results, OpenAI and Anthropic demonstrate the importance of collaboration to anticipate risks. For more details, check their reports on their respective sites. This initiative could inspire other labs to adopt a collective approach for responsible AI.
