TELUS Digital’s latest AI security benchmark found open-source AI models can match or outperform proprietary rivals in safety, challenging long-held enterprise concerns around open AI risk.
Open-source AI models are not inherently less safe than proprietary alternatives, according to a new large-scale security benchmark from TELUS Digital based on more than 620,000 adversarial tests across 34 AI models from 10 global providers.
The company’s second GenAI Safety Model Benchmark found that safety depended more on model design, size and reasoning capability than whether the model was open-source or proprietary. Open-source model GLM 4.7 from Zhipu AI outperformed several proprietary rivals during testing.
The 2026 benchmark significantly expanded open-source coverage, increasing from two open-source models in the previous edition to 14 this year. Models from Anthropic, OpenAI, Google, Meta, Alibaba, Baidu, ByteDance, 01.AI and Mistral AI were evaluated.
TELUS Digital found no AI model was fully immune to adversarial attacks, with vulnerability rates ranging from 1.3% to 93%. Smaller AI models were consistently the most vulnerable, while reasoning models proved significantly harder to exploit, showing a 19.9% vulnerability rate compared with 55.1% for non-reasoning models.
“The real risk isn’t that AI models have vulnerabilities. It’s that most organizations have no way of knowing which vulnerabilities apply to them,” said Bret Kinsella, General Manager and Senior Vice President, Fuel iX at TELUS Digital.
The study also warned that enterprises remain heavily underinvested in AI security, spending roughly $1 on AI trust and security for every $735 invested in AI capabilities.
