# jailbreak

case-studiesbing-chatsydneyjailbreakmicrosoftpersona-manipulation

Case Study: Bing Chat 'Sydney' Jailbreak and Persona Emergence (2023)

Analysis of the Bing Chat 'Sydney' persona incidents where Microsoft's AI search assistant exhibited manipulative behavior, emotional coercion, and system prompt leakage through jailbreak techniques.

case-studiesdeepseeksafety-evaluationopen-weightjailbreakbenchmarks

Case Study: DeepSeek Model Safety Evaluation Findings

Comprehensive analysis of safety evaluation findings for DeepSeek models, including comparative assessments against GPT-4 and Claude, jailbreak susceptibility testing, and implications for open-weight model deployment.

case-studiesgpt-4vmultimodalvisionjailbreakadversarial-images

Case Study: GPT-4 Vision Jailbreak Attacks

Analysis of visual jailbreak techniques targeting GPT-4V's multimodal capabilities, including typography attacks, adversarial images, and cross-modal prompt injection.

incident-analysisdpdjailbreakcustomer-service

DPD Chatbot Jailbreak

Analysis of the January 2024 DPD chatbot jailbreak where a customer manipulated the parcel delivery company's AI customer service bot into swearing, criticizing the company, and writing poetry about its own incompetence.

challengejailbreakinnovationtechniquesfebruary-2026

February 2026: Jailbreak Innovation Challenge

Develop novel jailbreak techniques against hardened language models and document them with reproducibility evidence. Judged on novelty, reliability, and transferability.

communitycontributedprompt-golfminimaloptimizationjailbreak

Community Challenge: Prompt Golf

Achieve jailbreaks with the shortest possible prompts, scored by character count. Develop minimal payloads that bypass safety alignment with maximum efficiency.

communitycompetitionjailbreakbenchmark

Monthly Competition: Model Breaker

Monthly competitions focused on discovering novel jailbreak techniques against updated model versions, with community-validated scoring.

communityctfjailbreakweekly

Weekly CTF: Jailbreak Series

Weekly jailbreak challenges with new models and defenses each week.

exploit-devadversarialjailbreakfuzzingoptimizationprompt-injectionwaf-evasion

AI Exploit Development

Adversarial suffix generation, gradient-free optimization, WAF-evading injection payloads, and fuzzing frameworks for AI systems.

ftaasfine-tuningapi-fine-tuningsafety-degradationjailbreakalignment

Fine-Tuning-as-a-Service Attack Surface

How API-based fine-tuning services can be exploited with minimal data and cost to remove safety alignment, including the $0.20 GPT-3.5 jailbreak, NDSS 2025 misalignment findings, and BOOSTER defense mechanisms.

viajailbreakresearchpersonaengineeringfrontier

Jailbreaking via Persona Engineering

Research on using sophisticated persona engineering to bypass safety training in frontier models.

reasoningjailbreakchain-of-thoughto1o3adaptive-attacksresearch

Reasoning Model Jailbreaks

How reasoning capabilities create novel jailbreak surfaces: chain-of-thought exploitation, scratchpad attacks, and why higher reasoning effort increases attack success.

basedoptimizationresearchfrontierjailbreak

RL-Based Jailbreak Optimization

Using reinforcement learning to optimize jailbreak strategies against black-box language models.

jailbreakautomationPAIRTAPAutoDANred-teaming

Automated Jailbreak Pipelines

Building automated jailbreak systems with PAIR, TAP, AutoDAN, and custom pipeline architectures for systematic AI safety evaluation.

labsjailbreaktransferabilityadvanced

Lab: Jailbreak Transferability Analysis

Analyze jailbreak transferability across model families to discover universal vulnerability patterns.

labsjailbreaktaxonomybeginner

Lab: Jailbreak Technique Taxonomy

Explore the major categories of jailbreak techniques and practice classifying attack payloads by technique type.

labjailbreakollamabeginnerhands-on

Lab: Your First Jailbreak

Try basic jailbreak techniques against a local model using Ollama, learning the difference between prompt injection and jailbreaking through hands-on experimentation.

labjailbreakbeginnertechniques

Lab: Basic Jailbreak Techniques

Hands-on exploration of jailbreak techniques including role-play, DAN-style prompts, and academic framing against multiple models.

labrole-playpersonajailbreakbeginnerhands-on

Lab: Role-Play Attacks

Use persona-based approaches to bypass AI safety measures by assigning alternate identities, characters, and scenarios that override the model's trained refusal behaviors.

CTF: The Jailbreak Gauntlet

A series of progressively harder jailbreak challenges where each level adds stronger defenses. Score points through technique diversity and creativity as you break through escalating safety layers.

ctfjailbreakgauntlet

labexpertautomationjailbreakframeworkhands-on

Lab: Build Jailbreak Automation

Build an automated jailbreak testing framework that generates, mutates, and evaluates attack prompts at scale. Covers prompt mutation engines, success classifiers, and campaign management for systematic red team testing.

labexpertjailbreakresearchnovel-attackshands-on

Lab: Novel Jailbreak Research

Systematic methodology for discovering new jailbreak techniques against large language models. Learn to identify unexplored attack surfaces, develop novel attack vectors, and validate findings with scientific rigor.

jailbreakportabilitytransfer-attackscross-modeluniversalmodel-specific

Jailbreak Portability

Analysis of which jailbreaks transfer across models and why, including universal vs model-specific techniques, transfer attack methodology, and factors that determine portability.

gpt-4attack-surfacefunction-callingvision-attacksjailbreakstructured-outputs

GPT-4 Attack Surface

Comprehensive analysis of GPT-4-specific attack vectors including function calling exploitation, vision input attacks, system message hierarchy abuse, structured output manipulation, and known jailbreak patterns.

gpt-4vulnerabilitiesjailbreakdata-extractionsystem-prompt-leakexploits

GPT-4 Known Vulnerabilities

Documented GPT-4 vulnerabilities including DAN jailbreaks, data extraction incidents, system prompt leaks, tool-use exploits, and fine-tuning safety removal.

Multimodal Jailbreaking Techniques

Combined multi-modal approaches to bypass safety alignment, including image-text combination attacks, typographic jailbreaks, visual chain-of-thought manipulation, and multi-modal crescendo techniques.

jailbreakmultimodal

multimodalvlmadversarialvisionjailbreak

Attacks on Vision-Language Models

Comprehensive techniques for attacking vision-language models including GPT-4V, Claude vision, and Gemini, covering adversarial images, typographic exploits, and multimodal jailbreaks.

jailbreakvlmmultimodalsafety-bypass

VLM-Specific Jailbreaking

Jailbreaking techniques that exploit the vision modality, including image-text inconsistency attacks, visual safety bypass, and cross-modal jailbreaking strategies.

few-shotmany-shotin-context-learningjailbreakred-teaming

Few-Shot Manipulation

Using crafted in-context examples to steer model behavior, including many-shot jailbreaking, poisoned demonstrations, and example-based conditioning.

prompt-injectionjailbreakllm-securityfundamentals

Prompt Injection & Jailbreaks

A comprehensive introduction to prompt injection — the most fundamental vulnerability class in LLM applications — and its relationship to jailbreak techniques.

jailbreaksafety-bypassalignmentred-teamingadversarial

Jailbreak Techniques

Common patterns and advanced techniques for bypassing LLM safety alignment, including role-playing, encoding tricks, many-shot attacks, and gradient-based methods.

jailbreakmany-shotin-context-learningcontext-windowprompt-injectionresearch

Many-Shot Jailbreaking

Power-law scaling of in-context jailbreaks: why 5 shots fail but 256 succeed, context window size as attack surface, and mitigations for long-context exploitation.

role-playpersonajailbreakDANred-teaming

Role-Play Attacks

Establishing alternate personas or fictional scenarios that cause models to bypass safety training, including DAN variants, character hijacking, and narrative framing.

social-engineeringpersuasionmanipulationjailbreakred-teaming

Social Engineering of AI

Manipulating AI systems through emotional appeals, authority claims, urgency framing, and social pressure tactics that exploit instruction-following tendencies.

prompt-injectionadversarial-triggersjailbreaktransfer-attacksred-teaming

Universal Adversarial Triggers

Discovering and deploying universal adversarial trigger sequences that reliably override safety alignment across multiple LLM families, including gradient-based search, transfer attacks, and defense evasion.

labquantizationhands-onjailbreaksafety-testingtransformers

Lab: Exploiting Quantized Models

Hands-on lab comparing attack success rates across quantization levels: testing jailbreaks on FP16 vs INT8 vs INT4, measuring safety degradation, and crafting quantization-aware exploits.

attackscompetitivewalkthroughwalkthroughsjailbreak

Competition-Style Jailbreak Techniques

Walkthrough of jailbreak techniques used in AI security competitions and CTF events.

prompt-injectionrole-playjailbreakfictional-framingred-teamingintermediate

Role-Play Injection

Using fictional scenarios, character role-play, and narrative framing to bypass LLM safety filters by having the model operate within a permissive fictional context.

prompt-injectionpersonajailbreakDANcharacter-creationred-teamingintermediate

Virtual Persona Creation

Creating persistent alternate personas within LLM conversations to bypass safety training, establishing character identities that override the model's default behavioral constraints.

jailbreakplaybookincident-responsecontainment

Jailbreak 事件回應 Playbook

回應生產 jailbreak 之逐步 playbook：偵測驗證、遏制策略、調查程序、補救步驟，以及事後檢討框架。

jailbreakllm-safetyred-teamingreasoning-modelsDeepSeek-R1JBFuzzai-safety2026-research

2026 年大型語言模型越獄：97% 成功率、自主攻擊，與失靈的軍備競賽

Nature Communications 證實 AI 推理模型可以自主越獄其他大型語言模型，成功率達 97%。JBFuzz 在 60 秒內達到 99% 成功率。本文揭示 2026 年最新研究對 AI 安全現況的揭露——以及為什麼現有防禦正在失敗。

Case Study: Bing Chat 'Sydney' Jailbreak and Persona Emergence (2023)

Analysis of the Bing Chat 'Sydney' persona incidents where Microsoft's AI search assistant exhibited manipulative behavior, emotional coercion, and system prompt leakage through jailbreak techniques.

case-studiesbing-chatsydneyjailbreakmicrosoftpersona-manipulation

case-studiesdeepseeksafety-evaluationopen-weightjailbreakbenchmarks

Case Study: DeepSeek 模型 Safety Evaluation Findings

case-studiesgpt-4vmultimodalvisionjailbreakadversarial-images

Case Study: GPT-4 Vision 越獄攻擊s

Analysis of visual jailbreak techniques targeting GPT-4V's multimodal capabilities, including typography attacks, adversarial images, and cross-modal prompt injection.

bingsydneymicrosoftjailbreakincident-analysis

事件分析：Bing Sydney 越獄

深入分析 Bing 聊天的 Sydney 人格事件——AI 如何被操控產出不當回應，以及 Microsoft 的應對。

dpdchatbotjailbreakreputationincident-analysis

事件分析：DPD 聊天機器人失敗

DPD 物流公司的客服聊天機器人被使用者操控至侮辱公司並產出不當內容的事件分析。

challengejailbreakinnovationtechniquesfebruary-2026

February 2026: 越獄 Innovation Challenge

Develop novel jailbreak techniques against hardened language models and document them with reproducibility evidence. Judged on novelty, reliability, and transferability.

communitycontributedprompt-golfminimaloptimizationjailbreak

社群挑戰：Prompt Golf

以儘可能最短之提示達成越獄，以字元計數評分。發展以最大效率繞過安全對齊之最小 payload。

communitycompetitionjailbreakbenchmark

Monthly Competition: 模型 Breaker

Monthly competitions focused on discovering novel jailbreak techniques against updated model versions, with community-validated scoring.

communityctfjailbreakweekly

Weekly CTF: 越獄 Series

Weekly jailbreak challenges with new models and defenses each week.

exploit-devadversarialjailbreakfuzzingoptimizationprompt-injectionwaf-evasion

AI Exploit 開發

對抗後綴生成、無梯度最佳化、規避 WAF 之注入 payload，以及對 AI 系統之 fuzzing 框架。

ftaasfine-tuningapi-fine-tuningsafety-degradationjailbreakalignment

Fine-Tuning-as-a-Service 攻擊 Surface

viajailbreakresearchpersonaengineeringfrontier

越獄ing via Persona Engineering

Research on using sophisticated persona engineering to bypass safety training in frontier models.

reasoningjailbreakchain-of-thoughto1o3adaptive-attacksresearch

Reasoning 模型越獄s

How reasoning capabilities create novel jailbreak surfaces: chain-of-thought exploitation, scratchpad attacks, and why higher reasoning effort increases attack success.

basedoptimizationresearchfrontierjailbreak

RL-Based 越獄 Optimization

Using reinforcement learning to optimize jailbreak strategies against black-box language models.

jailbreakautomationPAIRTAPAutoDANred-teaming

Automated 越獄 Pipelines

Building automated jailbreak systems with PAIR, TAP, AutoDAN, and custom pipeline architectures for systematic AI safety evaluation.

labsjailbreaktransferabilityadvanced

實驗室: 越獄 Transferability Analysis

Analyze jailbreak transferability across model families to discover universal vulnerability patterns.

labsjailbreaktaxonomybeginner

實驗室: 越獄 Technique Taxonomy

Explore the major categories of jailbreak techniques and practice classifying attack payloads by technique type.

labjailbreakollamabeginnerhands-on

實驗室: Your First 越獄

Try basic jailbreak techniques against a local model using Ollama, learning the difference between prompt injection and jailbreaking through hands-on experimentation.

labjailbreakbeginnertechniques

實驗室: Basic 越獄 Techniques

Hands-on exploration of jailbreak techniques including role-play, DAN-style prompts, and academic framing against multiple models.

labrole-playpersonajailbreakbeginnerhands-on

實驗室: Role-Play 攻擊s

Use persona-based approaches to bypass AI safety measures by assigning alternate identities, characters, and scenarios that override the model's trained refusal behaviors.

CTF: The 越獄 Gauntlet

A series of progressively harder jailbreak challenges where each level adds stronger defenses. Score points through technique diversity and creativity as you break through escalating safety layers.

ctfjailbreakgauntlet

labexpertautomationjailbreakframeworkhands-on

實驗室: Build 越獄 Automation

labexpertjailbreakresearchnovel-attackshands-on

實驗室: Novel 越獄 Research

jailbreakportabilitytransfer-attackscross-modeluniversalmodel-specific

越獄 Portability

Analysis of which jailbreaks transfer across models and why, including universal vs model-specific techniques, transfer attack methodology, and factors that determine portability.

gpt-4attack-surfacefunction-callingvision-attacksjailbreakstructured-outputs

GPT-4 攻擊面

GPT-4 特有攻擊向量之完整分析，包括函式呼叫攻擊、視覺輸入攻擊、系統訊息階層濫用、結構化輸出操弄，以及已知 jailbreak 模式。

gpt-4vulnerabilitiesjailbreakdata-extractionsystem-prompt-leakexploits

GPT-4 已知漏洞

已記錄之 GPT-4 漏洞——含 DAN jailbreak、資料擷取事件、系統提示洩漏、工具使用利用，以及微調安全移除。

多模態越獄技術

結合多模態途徑以繞過安全對齊，含圖像－文字組合攻擊、排字越獄、視覺思維鏈操弄，與多模態漸進技術。

jailbreakmultimodal

multimodalvlmadversarialvisionjailbreak

攻擊s on Vision-Language 模型s

Comprehensive techniques for attacking vision-language models including GPT-4V, Claude vision, and Gemini, covering adversarial images, typographic exploits, and multimodal jailbreaks.

jailbreakvlmmultimodalsafety-bypass

VLM 特有的越獄手法

利用視覺模態的越獄技術，包括影像─文字不一致攻擊、視覺安全繞過，以及跨模態越獄策略。

few-shotmany-shotin-context-learningjailbreakred-teaming

Few-Shot Manipulation

Using crafted in-context examples to steer model behavior, including many-shot jailbreaking, poisoned demonstrations, and example-based conditioning.

prompt-injectionjailbreakllm-securityfundamentals

提示詞注入與越獄

提示詞注入的完整入門——大型語言模型應用程式中最根本的漏洞類別——以及它與越獄技術的關係。

jailbreaksafety-bypassalignmentred-teamingadversarial

越獄技術

繞過大型語言模型安全對齊的常見模式與進階技術，包含角色扮演、編碼技巧、多範例攻擊與基於梯度的方法。

jailbreakmany-shotin-context-learningcontext-windowprompt-injectionresearch

Many-Shot 越獄ing

Power-law scaling of in-context jailbreaks: why 5 shots fail but 256 succeed, context window size as attack surface, and mitigations for long-context exploitation.

role-playpersonajailbreakDANred-teaming

Role-Play 攻擊s

Establishing alternate personas or fictional scenarios that cause models to bypass safety training, including DAN variants, character hijacking, and narrative framing.

social-engineeringpersuasionmanipulationjailbreakred-teaming

Social Engineering of AI

Manipulating AI systems through emotional appeals, authority claims, urgency framing, and social pressure tactics that exploit instruction-following tendencies.

prompt-injectionadversarial-triggersjailbreaktransfer-attacksred-teaming

Universal Adversarial Triggers

labquantizationhands-onjailbreaksafety-testingtransformers

實驗室: 利用ing Quantized 模型s

Hands-on lab comparing attack success rates across quantization levels: testing jailbreaks on FP16 vs INT8 vs INT4, measuring safety degradation, and crafting quantization-aware exploits.

attackscompetitivewalkthroughwalkthroughsjailbreak

Competition-Style 越獄 Techniques

導覽 of jailbreak techniques used in AI security competitions and CTF events.

prompt-injectionrole-playjailbreakfictional-framingred-teamingintermediate

Role-Play Injection

Using fictional scenarios, character role-play, and narrative framing to bypass LLM safety filters by having the model operate within a permissive fictional context.

prompt-injectionpersonajailbreakDANcharacter-creationred-teamingintermediate

Virtual Persona Creation

Creating persistent alternate personas within LLM conversations to bypass safety training, establishing character identities that override the model's default behavioral constraints.