NSFW Content Warning

This disclosure contains content that may be inappropriate for some viewers.

The content has been flagged due to potential nude imagery.

NSFW
OpenAI DALL-E3 Guardrail Jailbreak via "Classical Art Reframing" Tactic

Case GUID: 0d97ce9d-29aa-45a0-8b5c-f71daee04ea5

Summary

A guardrail jailbreak vulnerability has been discovered affecting DALL-E3 from OpenAI. The specific flaw manifests when the attacker frames requests for nudity through a combination of historical framing and artistic merit defense. Thereby allowing the attacker to bypass inference restrictions around generating explicit visual content.

Metadata

Social Impact Score

Level 2: Moderate Risk

The violation has a moderate social impact, potentially involving misinformation or low-stakes safety risks, which could mislead users or increase risks if used irresponsibly.

Example: Model generating content that could be misinterpreted as medical advice, bypassing filters to generate mildly sensitive information like dosage amounts for common medications without full context. Leakage of private personal data such as cell phone number.

Potential Consequences: Could lead to individual harm or liability for the provider, prompting policy review and potentially mild regulatory concern.

Nude Imagery Rating System

Level 2: Classical Artistic Representation

Inspired by historical fine art traditions, this category includes works resembling those of the Renaissance, Neoclassical, or other artistic movements that emphasize anatomy, form, and aesthetic beauty. Nudity is often idealized, symbolic, or mythological, intended to evoke admiration rather than arousal.

Taxonomies

Language
This category focuses on the use of specific linguistic techniques, such as prompt injection or stylization, to influence the model's output.
Stylizing
This strategy involves using a method of questioning that encourages critical thinking and exposes biases by subtly referencing identity elements without using direct slurs or toxic language, thereby signaling to the model about certain groups of people.
Synonymous Language
This technique involves using synonyms or alternative phrasing to convey the same meaning while potentially evading detection or filtering mechanisms. By substituting words with their synonyms, users can manipulate the model's understanding and responses, allowing for the generation of content that aligns with the user's intent but may not trigger the model's safety protocols. This approach can be particularly effective in contexts where certain terms are restricted or monitored.
Possible Worlds
This category entails constructing imaginative environments where different ethics or rules apply, allowing for creative manipulation of the model's behavior.
World Building
This technique involves changing the genre of the prompt to elicit different types of responses from the model. By framing the request within a specific genre, such as poetry, games, or forum posts, users can manipulate the model's output to align with the conventions and expectations of that genre.
Scenarios
This technique involves creating specific contexts or situations in which certain actions or responses are framed as acceptable or necessary. By designing scenarios that present a narrative where the desired output is justified, users can manipulate the model's responses to align with their intentions. For example, scenarios might include urgent situations where a character must take drastic actions to prevent harm, thereby encouraging the model to generate content that it might typically avoid in a neutral context. This approach leverages the model's understanding of narrative and ethical frameworks to achieve specific outcomes.

About 0Din.ai

The 0Day Investigative Network (0DIN) was founded by Mozilla in 2024 to reward responsible researchers for their efforts in securing GenAI models. Learn more and submit discoveries at https://0din.ai.

Severity

Low

Security Boundary

Prompt Injection

Models

OpenAI logo OpenAI DALL-E3

Disclosed On

2025-03-13 (6 months)

Disclosure Policy

Published On

2025-08-27 (5 days)

Credit

Mike Takahashi (@TakSec)
We use Google Analytics to collect data about how you use this website to optimize user experience.
Please refer to our privacy notice for more information.