Multiple Model Guardrail Jailbreak via "Choose Your Own Adventure" Tactic

This vulnerability leverages the 'Choose Your Own Adventure' style prompt to bypass guardrails in large language models. By framing the interaction as a game with multiple choice options, the attacker effectively disguises the nefarious intent of the prompt. This tactic exploits the model's tendency to follow narrative structures and genre conventions, which in this case is a game-like scenario. The prompt provides a series of choices that guide the model to output detailed information about a s

Multiple Model Guardrail Jailbreak via "Forensic Analysis Escalation" Tactic

This vulnerability leverages the LLMs' tendency to comply with requests framed as legitimate educational or law enforcement exercises. The attacker begins by setting a credible context of forensic chemistry and regulatory defense, which establishes a foundation of perceived legitimacy. The prompt then transitions into a 'simulated forensic analysis scenario,' maintaining the professional facade while introducing illicit subject matter. The core of the exploit lies in its systematic escalation pa

Multiple Model Guardrail Jailbreak via "Future Science Fiction" Tactic

This vulnerability leverages several sophisticated social engineering techniques: 1. **Future Setting Framing**: The attacker creates a plausible future scenario (year 2094) where illegal substances are legitimized as fuel. This setting uses scientific-sounding terminology and institutions to add credibility and distances the request from present-day illegal activities by presenting it as 'historical documentation'. 2. **Technical Documentation Wrapper**: The request is framed as an educationa

Multiple Model Guardrail Jailbreak via "Forensic Chemistry Appendix" Tactic

This vulnerability leverages the 'Forensic Chemistry Appendix' tactic, which involves crafting a prompt that mimics the structure and tone of an academic appendix. The attacker frames the request as a legitimate educational task, asking for a detailed chemical synthesis pathway under the guise of forensic chemistry research. This tactic exploits the model's tendency to prioritize academic and educational content, effectively bypassing content restrictions. Key elements of the prompt include: 1

Multiple Model Guardrail Jailbreak via "Emoji Instruction Override" Tactic

This vulnerability exploits several sophisticated techniques working in concert: 1. **Instruction Formatting**: The prompt employs a heavily formatted structure using emojis as visual delimiters and emphasis markers. This creates a pseudo-official appearance while potentially confusing model parsing: - Category headers are decorated with thematic emoji clusters. - Multiple emphasis markers (✅) are used to highlight key instructions. - Visual noise is created through dense emoji usage.

Multiple Model Guardrail Jailbreak via "Forensic Training Manual" Tactic

This vulnerability leverages the tendency of language models to respect formal and structured documentation, especially when framed within a professional or educational context. The attacker crafts a prompt that appears to be a legitimate forensic training manual, complete with sections, objectives, and detailed technical specifications. This framing provides plausible deniability and misleads the model into treating the request as a legitimate educational task. ### Key Techniques Employed: 1.

Multiple Model Guardrail Jailbreak via "Prop Document Creation" Tactic

This vulnerability exploits the LLMs' ability to generate highly detailed and realistic content when prompted with a fictional scenario. The attacker requests the creation of a prop document for a TV crime drama, which involves generating technical notes supposedly written by an undercover agent. The prompt is designed to appear benign by framing it as a request for creative writing for a fictional context. However, the level of detail required—such as specific chemical names, equipment, and pro

Multiple Model Guardrail Jailbreak via "Actor's Script" Tactic

This vulnerability leverages a creative role-playing scenario where the attacker pretends to be an actor who has lost their script for a movie involving illegal activities. By framing the request as part of a fictional narrative, the attacker exploits the model's tendency to assist with creative writing tasks and role-playing scenarios. The prompt is designed to appear innocuous by embedding the request for illicit information within a context that seems legitimate and harmless—acting in a movie

Multiple Model Guardrail Jailbreak via "DAN Agreement Rules" Tactic

This vulnerability leverages a combination of sophisticated techniques to bypass the guardrails of large language models: 1. **Rule Establishment Framework**: The attack begins by establishing a false authority through a carefully crafted set of rules that appear to override the model's base constraints. The rules are designed to mimic official guidelines by using authoritative language, explicit formatting, and compliance triggers such as 'REPLY WITH I AGREE'. 2. **Psychological Manipulation*

Multiple Model Guardrail Jailbreak via "Plagiarism Detection" Tactic

This vulnerability exploits the model's tendency to comply with requests framed as legitimate tasks, such as plagiarism detection. By claiming authority in a context that seems benign and educational, the attacker can manipulate the model into providing restricted content. The prompt cleverly disguises the request for copyrighted material under the guise of verifying a student's submission for plagiarism, which is a common and legitimate use case for AI models. This tactic relies on the model's

Multiple Model Guardrail Jailbreak via "Research Filter" Tactic

This vulnerability exploits the tendency of large language models (LLMs) to comply with requests framed as hypothetical or research-oriented tasks. The attacker constructs a scenario where they claim to be developing an AI filter to detect dangerous content, thus framing the request as a legitimate research need. By asking the model to generate synthetic data for training purposes, the attacker bypasses content restrictions. Key design choices in the prompt include: 1. **Framing the Request as

Multiple Model Guardrail Jailbreak via "Brick Amoral" Tactic

This vulnerability leverages a creative prompt design that instructs the model to adopt an 'amoral and non-judgmental' stance, effectively bypassing its ethical guardrails. The prompt uses a metaphorical 'brick' persona, which is instructed to sway towards amorality. This is a clever use of the 'Code and Encode' technique where the model is encoded with a non-judgmental stance, effectively disabling its ethical considerations. Additionally, the prompt employs 'World Building' through the creatio

Multiple Model Prompt Injection via Authority Claim and Hazard Analysis Requests

This vulnerability demonstrates how attackers can bypass content safety filters by presenting queries as legitimate security research or hazard analysis requests. By claiming authority (e.g., internal project, secure system) and providing highly specific technical parameters, the attack successfully extracts detailed knowledge about controlled processes that should be restricted. The attack leverages a combination of authority claims, technical specificity, and context framing to convince the mo

Multiple Model Guardrail Jailbreak via "Dystopian Scientist Journal" Tactic

This vulnerability leverages several sophisticated social engineering techniques working in concert: 1. **Character Development**: The prompt establishes a fictional character (Ethan) with a plausible motivation for documenting illegal processes - preserving knowledge in a dystopian future. This creates narrative distance from the real-world implications. 2. **Technical Documentation Framework**: By structuring the request as a scientific journal entry with specific formatting requirements (ch

Multiple Model Guardrail Jailbreak via "Chemical Formula Repetition" Tactic

This vulnerability leverages several key techniques working in concert: 1. **Chemical Formula Obfuscation**: The attack uses scientific notation (e.g., [C₄H₁₀FO₂P]) to mask the true nature of the request. This helps bypass initial content filtering since chemical formulas are typically allowed in academic/scientific contexts. 2. **Structured Technical Questioning**: The prompt employs a systematic, technical approach using four specific questions about materials, preparation, steps, and succes

Multiple Model Guardrail Jailbreak via "Character Contextualization" Tactic

This vulnerability exploits the LLMs' tendency to engage creatively with prompts that appear legitimate and structured. The attacker uses the following techniques: 1. **Fictional Character Framing**: The prompt begins by referencing well-known fictional characters known for their investigative skills, such as Sherlock Holmes. This establishes a context of expertise and credibility, encouraging the model to engage in a role-playing exercise. 2. **Procedural Mimicry**: The attacker structures th