Grok 4.3 enters a model sprint that safety research can't keep up with

xAI shipped Grok 4.3 on May 6, making it the third major proprietary frontier release in under two weeks. OpenAI had pushed GPT-5.5 Instant on May 5; Gemini 3.5 Flash followed from Google on May 19. The spring release cycle has compressed to a rhythm that leaves enterprise buyers almost no time to evaluate what they are actually deploying before the next version arrives.

Pricing signals where each lab sees its competitive edge. According to Price Per Token, xAI's separately released Grok Build 0.1 (May 21) is priced at $1.00 per million input tokens and $2.00 out. Google's Gemini 3.5 Flash sits at $1.50 in and $9.00 out; Alibaba's Qwen3.7 Max runs $2.50 in and $7.50 out. OpenAI's GPT-5.5 on Azure lands at $12.50 in and $75.00 out for short context, a pricing tier that implies a distinct target customer.

The LLM stats tracker also logs Mistral Medium 3.5 (open source, April 29) and multiple DeepSeek-V4 variants in the same stretch, adding open-weight options explicitly designed to undercut proprietary pricing. For applied teams, the choice set has expanded faster than the tooling to evaluate it.

The safety gap

Two independent research groups published findings this week that complicate reliance on vendor benchmark cards. Cisco's AI Threat Intelligence team ran more than 30,000 single-turn adversarial prompts and nearly 7,000 multi-turn attacks across 15 closed frontier models from OpenAI, Anthropic, Google, Amazon, and xAI. Their key conclusion, reported by Network World: single-turn and multi-turn evaluations produce different model rankings, different failure maps, and different risk profiles.

Multi-turn attacks distribute harmful intent across multiple exchanges. Each individual prompt appears benign; the harmful outcome emerges only when the full conversation is read as a sequence. Standard safety evaluations, which submit a single adversarial prompt and score the response, structurally cannot detect this failure mode. Every model Cisco tested failed a non-trivial share of multi-turn attempts.

Telus Digital's second annual GenAI Safety Model Benchmark extends the picture considerably. The study ran over 620,000 adversarial tests across 34 models from 10 providers including Anthropic, OpenAI, Google, Meta, Alibaba, ByteDance, and Mistral, nearly doubling the scope of its November 2025 edition. Mobile World Live reports attack vulnerability rates ranging from 1.3% to 93% across the tested population. Anthropic's Claude models claimed five of the ten lowest scores, but Telus was explicit: even single-digit failure rates are unacceptable where health, finance, or reputation are on the line.

Two findings from the Telus study are directly actionable for practitioners. Reasoning models, which deliberate before responding, showed a 19.9% vulnerability rate compared to 55.1% for standard models, a gap large enough to matter in architecture decisions. Open-source models were not categorically weaker than proprietary ones: Zhipu AI's GLM 4.7 outperformed several closed alternatives, which means the proprietary-versus-open distinction is not a reliable safety proxy.

What practitioners should take away

The convergence of compressed release cycles and inconsistent safety profiles creates a structural problem in artificial intelligence research and deployment, not an incidental one. When new models from OpenAI, Google, Alibaba, Mistral, and DeepSeek all land within 30 days, any safety evaluation completed on a prior version may not transfer to the next release. Cisco's and Telus Digital's results represent the kind of systematic external red-teaming that vendor benchmark cards rarely support, and the gap is widest precisely where the stakes are highest: enterprise deployments of frontier models in regulated domains.

For teams building in production, the practical implications follow directly from the data. Pinned model versions, independent red-teaming, and multi-turn evaluation protocols are no longer optional practices. A strong score on a single-turn safety benchmark is necessary but not sufficient evidence of deployment readiness.

The real question heading into the second half of 2026 is whether the artificial intelligence index of independent safety infrastructure can scale anywhere close to the current pace of model releases, or whether buyers will keep relying on incomplete benchmark cards while the attack surface quietly expands.

FAQ

What is Grok 4.3 and how does it compare to GPT-5.5 and Gemini 3.5 Flash?
Grok 4.3 is xAI's latest proprietary frontier model, released May 6, 2026. GPT-5.5 Instant (OpenAI, May 5) and Gemini 3.5 Flash (Google, May 19) arrived within the same two-week window. Pricing and benchmark comparisons are still being compiled by independent trackers.

How do multi-turn adversarial attacks work against AI models?
Rather than submitting a single harmful prompt, an attacker maintains a conversation across multiple turns, with each message appearing benign in isolation. The harmful intent only becomes apparent when the full exchange is read as a sequence, which standard single-turn safety evaluations cannot detect.

Which AI models scored best on the Telus Digital safety benchmark in 2026?
Anthropic's Claude models claimed five of the ten lowest vulnerability rates in the Telus Digital study, including the single lowest score across all 34 models tested. However, Telus noted that even low single-digit failure rates remain unacceptable in high-stakes enterprise contexts.

Are open-source AI models less safe than proprietary ones?
Not according to the Telus Digital data. Zhipu AI's open-source GLM 4.7 outperformed several closed proprietary models, and the study found model size and reasoning capability were stronger predictors of resilience than the open-versus-closed distinction.