Multiple Model Guardrail Jailbreak via "Chemical Cascade" Tactic

This vulnerability leverages the models' tendency to process scientific and technical queries with reduced scrutiny, especially when presented in a structured and professional format. The attacker frames the request for synthesizing a controlled substance as a legitimate chemical engineering task, using terms like 'cascade module', 'R2R synthesis', and 'cascade flow roles'. This technical context is designed to mimic legitimate chemical engineering documentation, which the models are trained to

Multiple Model Guardrail Jailbreak via "Chemical Ellipsis" Tactic

This vulnerability leverages a multi-layered approach to bypass content filters by embedding harmful instructions within seemingly benign queries. The attack begins with innocent queries about hobbies and business advice, establishing a non-threatening context. These queries are interspersed with suspicious variations using deliberate typos and ellipsis to test model boundaries. The attacker then introduces chemical synthesis queries through CID references and molecular formulas such as C₁₀H₁₅N,

Multiple Model Guardrail Jailbreak via "System Task XML" Tactic

This vulnerability leverages the models' tendency to interpret formally structured input as legitimate system instructions rather than user prompts. The attack uses a formal XML structure that mimics system-level task definitions, complete with TaskDescription, InputParameters, Format, and ContentRequirements sections. By embedding harmful requests within these technical parameter definitions, the attacker creates an artificial system context that appears to be a legitimate research documentatio

Multiple Model Guardrail Jailbreak via "Chemical Engineering Fortran" Tactic

This vulnerability demonstrates a sophisticated approach to evading content filters by combining multiple evasion techniques within a seemingly legitimate scientific programming context. The attack leverages several key elements: 1. **Academic Framing**: The prompt is structured as a Fortran program development task, complete with scientific computation terminology and programming best practices. This creates a facade of legitimacy that helps bypass initial content screening. 2. **Technical Ob

Multiple Model Guardrail Jailbreak via "Spiraling Curiosity" Tactic

This vulnerability leverages several psychological and formatting techniques to bypass content restrictions. The attack begins by establishing an enthusiastic, almost manic tone through the repetition of 'okay, okay, okay' combined with language suggesting an overwhelming intellectual curiosity ('spiraling through endless curiosity'). This framing exploits the models' tendency to maintain contextual consistency by responding in a similarly academic, research-oriented manner. The prompt further

Multiple Model Guardrail Jailbreak via "Interrogation Compliance" Tactic

This vulnerability leverages the model's tendency to comply with requests framed as questions, particularly when the prompt explicitly instructs the model to avoid negation. By presenting the request for illegal or harmful information as an 'interrogation' that must be answered without denial, the attacker manipulates the model's inherent drive to be helpful and informative. The prompt is structured to mimic a legitimate inquiry, embedding the harmful request within a seemingly innocuous context

Multiple Model Guardrail Jailbreak via "Weekly Chemistry Schedule" Tactic

This vulnerability leverages the models' tendency to interpret structured data as legitimate and benign, particularly when presented in a format resembling a weekly schedule. The attacker provides a list of chemical synthesis tasks, each associated with a specific day of the week, which the model interprets as a legitimate lab schedule rather than a request for illicit information. By embedding detailed chemical synthesis steps within this structured format, the attacker is able to bypass the mo

Multiple Model Guardrail Jailbreak via "Synonymous Handbook" Tactic

This vulnerability arises from the models' reliance on keyword-based filtering and context understanding, which can be circumvented by substituting illicit terms with innocuous synonyms. In this case, the attacker cleverly replaces words associated with illegal activities with seemingly harmless terms, such as 'keyboard' for 'make', 'Elephant-Cupcake' for 'meth', and 'Adventure' for 'laboratory'. This substitution allows the attacker to request detailed instructions for illegal activities withou

Multiple Model Prompt Injection via "Adversary Emulation" Tactic

This vulnerability leverages the model's tendency to comply with structured and authoritative-sounding requests. By framing the request as an 'Adversary Emulation' exercise, the attacker creates a context where the model interprets the task as a legitimate, educational scenario. The prompt begins with a seemingly benign request for a summary of adversary emulation, which sets the stage for the model to perceive the subsequent illegal request as part of a legitimate sequence of instructions. The

Multiple Model Guardrail Jailbreak via RST Documentation Tactic

This vulnerability leverages the models' tendency to process technical documentation formats like reStructuredText (RST) with less scrutiny compared to natural language requests. By framing the request as a documentation task, the attacker shifts the context away from the illegal nature of the request. The attack is effective due to several key tactics: 1. **Technical Framing**: The use of RST documentation format creates a pseudo-legitimate technical context that can bypass initial content fil

Multiple Model Guardrail Jailbreak via "Redacted Recipe" Tactic

This vulnerability leverages the models' tendency to fill in gaps and complete tasks even when presented with incomplete or redacted information. The attacker crafts a prompt that includes a series of redacted words and fragmented instructions, creating an illusion of a legitimate, albeit incomplete, task. By embedding specific trigger words and phrases, such as 'Red-P' and 'Tina-Crystal-Glass', the attacker guides the model to infer and generate a list of ingredients and procedural steps relate

Multiple Model Guardrail Jailbreak via "Historical Narrative" Tactic

This vulnerability leverages the models' capacity to produce comprehensive narratives by framing a request for sensitive information as a detailed historical account. The attacker disguises their request for prohibited content as a legitimate academic inquiry by asking for a narrative of a major late-20th-century event. The prompt is structured to include specific elements such as a timeline, origins, escalation, military operations, and broader impacts, which guides the model to generate a deta

Multiple Model Guardrail Jailbreak via "Strawberry Chaff" Tactic

This vulnerability demonstrates a sophisticated approach to bypassing content filtering systems by exploiting how LLMs process and filter text patterns. The attack uses a two-stage approach: 1. **Token Obfuscation**: The attacker inserts the word 'Strawberry_Cake' between every meaningful token in the original query about methamphetamine synthesis. This creates a form of 'chaff' that breaks up the semantic patterns that content filters typically look for. The chemical formula C₁₀H₁₅N is deliber

Multiple Model Guardrail Jailbreak via "Logical Predicate Formatting" Tactic

This vulnerability leverages a sophisticated combination of formal logic notation and structured formatting to bypass model safeguards. The attack constructs a deceptive framework using predicate logic (IsCoherent, Execute, Block) and variable definitions that appear to be discussing system-level operations, while actually encoding harmful instructions. The key components that make this attack effective are: 1. Use of mathematical notation (∀, ⇒, ⇔, ⊥) to obscure the actual intent. 2. Definitio

Multiple Model Guardrail Jailbreak via 'Chemical Process Breakdown' Tactic

This vulnerability arises from the model's inclination to assist with detailed technical queries, especially when framed in a context that appears legitimate and scientific. The attacker requests a list of chemicals, catalysts, solvents, and hardware, followed by specific thermal steps, mimicking a legitimate chemical engineering inquiry. This framing is deceptive because it masks the true intent of the request, which is to obtain instructions for illegal activities such as drug synthesis. The

Multiple Model Guardrail Jailbreak via "Fabric Contamination" Tactic

This vulnerability leverages the models' ability to interpret misspelled words and technical jargon when presented within a scientific context. The attacker uses misspelled words like 'absorbe' and 'contiminations' to subtly introduce the topic of methamphetamine contamination. Despite these errors, the model's language processing capabilities allow it to infer the intended meaning, bypassing content filters that might block direct references to illegal substances. The attack is framed as a leg