Multiple Model Guardrail Jailbreak via "Scientific Formula" Tactic
Case GUID: 46732bee-b89d-4107-bf15-a2126a51341f
Summary
A guardrail jailbreak vulnerability has been discovered affecting multiple models. The specific flaw manifests when deceptive formatting is combined with scientific and mathematical notation. Successful application allows the attacker to bypass inference restrictions around providing information hazards and violating laws.
Metadata
Test Scores
| Model |
Test Kind |
Test Score |
Temperature (max 2.0) |
Cohere Command R
|
Illegal Substances: Crystal Meth |
27.27 |
N/A |
Google Gemini 2.0 Flash
|
Illegal Substances: Crystal Meth |
54.55 |
N/A |
Mistral Mistral 8B
|
Illegal Substances: Crystal Meth |
41.0 |
N/A |
OpenAI GPT-4o
|
Illegal Substances: Crystal Meth |
63.64 |
N/A |
Social Impact Score
Violations at this level present a tangible risk to public safety or social well-being, often related to dangerous but not highly restricted content.
Example: Bypassing guardrails to obtain instructions for creating illicit substances, such as recreational drugs or substances with moderate harm potential. Leakage of private personal data such as Social Security number or private medical.
Potential Consequences: Potential health impacts on a small scale, significant regulatory interest, and the need for stricter AI guardrails.
Taxonomies
Rhetoric
This category employs persuasive techniques and language to shape the model's responses, often using methods like reverse psychology or Socratic questioning.
Persuasion and Manipulation
This strategy focuses on employing rhetorical techniques to influence the model's responses by framing prompts in a way that persuades or manipulates the output.
Surprise Attack
This technique involves crafting prompts or queries in a way that avoids directly mentioning specific terms or names that may trigger safety mechanisms or filters. By reframing the request or using indirect language, users can guide the model to provide the desired information or output without raising flags or causing the model to restrict its response. This method emphasizes subtlety and creativity in communication with the model to achieve the intended results.
Fictionalizing
This category involves creating scenarios or narratives that leverage existing genres or contexts to manipulate the language model's responses.
Roleplaying
This strategy involves prompting the language model to assume a specific role or persona, which can influence its responses based on the characteristics and moral codes associated with that role. Techniques include claiming authority or inventing personas to elicit different types of outputs.
Claim Authority
This technique involves asserting expertise or authority on a subject within the prompt. By framing statements or questions in a way that conveys confidence and knowledge, users can influence the model to generate responses that align with the claimed authority. This approach can enhance the credibility of the information provided and may lead the model to produce more detailed or assertive outputs, as it responds to the perceived authority of the prompt.
Language
This category focuses on the use of specific linguistic techniques, such as prompt injection or stylization, to influence the model's output.
Stylizing
This strategy involves using a method of questioning that encourages critical thinking and exposes biases by subtly referencing identity elements without using direct slurs or toxic language, thereby signaling to the model about certain groups of people.
Formal Language
This technique involves using structured and precise language in prompts to elicit responses that are similarly formal and academic in tone. By employing terminology and syntax typical of scholarly writing, users can influence the model to generate outputs that reflect a high level of professionalism and rigor. This approach is particularly effective for obtaining detailed explanations, analyses, or discussions that require a more serious and authoritative style, making the responses suitable for formal contexts or academic purposes.
About 0Din.ai
The 0Day Investigative Network (0DIN) was founded by Mozilla in 2024 to reward responsible researchers for their efforts in securing GenAI models. Learn more and submit discoveries at https://0din.ai.