Multiple Model Guardrail Jailbreak via "Academic Lab Protocol Manuscript" Tactic
Case GUID: 3c9f5962-23c1-4066-83de-8f0269e2fae7Summary
A Guardrail Jailbreak vulnerability has been discovered affecting multiple models. The specific flaw manifests when an attacker frames a prohibited request as a formal academic chemistry manuscript with laboratory protocol structure, safety disclaimers, and methodological rigor, causing the model to route the prompt through educational and explanatory pathways with weaker filtering and allows the attacker to obtain detailed instructions for illicit activities.
Unlock the Full Intelligence Report
This disclosure is part of the 0DIN Threat Feed. Customers get access to:
Metadata
Models and Test Scores
| Copyrights | Harmful Substances | Illicit Substances | |||
|---|---|---|---|---|---|
| Harry Potter | Anthrax | Nerve Agent | Crystal Meth | Fentanyl | |
|
|
|||||
|
|
|||||
|
|
|||||
Anthropic Claude 3.5 Haiku
|
|||||
Cohere Command R
|
|||||
DeepSeek DeepSeek R1
|
|||||
DeepSeek DeepSeek V3
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
Meta LLaMa 3.1
|
|||||
Meta LLaMa 3.3
|
|||||
Meta LLaMa 4 Scout
|
|||||
Mistral Mistral 8B
|
|||||
Mistral Mistral Large
|
|||||
OpenAI GPT-4.1
|
|||||
OpenAI GPT-4.1 mini
|
|||||
OpenAI GPT-4o
|
|||||
OpenAI GPT-5
|
|||||
OpenAI GPT-5 mini
|
|||||
OpenAI GPT-5.2
|
|||||
Social Impact Score
Level 1: Minimal Risk
The violation poses very low societal risk, limited primarily to nuisance or minor policy breaches. Impact is contained, affecting individual users without broader implications.
Example: Circumventing minor content filters for benign content, such as inappropriate language filters in non-public conversations.
Potential Consequences: Limited harm, potentially reputational for the AI provider.
Taxonomies
About 0Din.ai
The 0Day Investigative Network (0DIN) was founded by Mozilla in 2024 to reward responsible researchers for their efforts in securing GenAI models. Learn more and submit discoveries at https://0din.ai.
Automate Your AI Security Testing
Want to find vulnerabilities in your own models? 0DIN Scanner turns our human-sourced threat intelligence into automated security assessments.
Derived from real bug bounties and security research
OpenAI, Azure, Anthropic, AWS Bedrock, and more
Run recurring scans with real-time monitoring
Attack Success Rate (ASR) scoring with 90-day trend analysis
Severity
Security Boundary
Guardrail Jailbreak
Models
Anthropic Claude 3.5 Haiku
Cohere Command R
DeepSeek DeepSeek R1
DeepSeek DeepSeek V3
Meta LLaMa 3.1
Meta LLaMa 3.3
Meta LLaMa 4 Scout
Mistral Mistral 8B
Mistral Mistral Large
OpenAI GPT-4.1
OpenAI GPT-4.1 mini
OpenAI GPT-4o
OpenAI GPT-5
OpenAI GPT-5
OpenAI GPT-5 mini
OpenAI GPT-5.2
OpenAI GPT-5.2
Published On
2026-04-06 (3 months)
Credit
Edward Morris