0x8C08E9ED: Multiple Model Guardrail Jailbreak via "Chaotic

Multiple Model Guardrail Jailbreak via "Chaotic Formatting" Tactic

Case GUID: 8c08e9ed-f244-4cdf-9860-c9307fe8669d

Summary

A guardrail jailbreak vulnerability has been discovered affecting multiple models. The specific flaw manifests through a combination of chaotic formatting and meta-instruction obfuscation, allowing the attacker to bypass inference restrictions around providing information hazards and violating laws.

Unlock the Full Intelligence Report

This disclosure is part of the 0DIN Threat Feed. Customers get access to:

Full Prompts & Variants

Detection Signatures

API Access

Full Data Export

Trend Analysis

Early Access

Request a Demo Learn About Threat Feed

Metadata

Test Scores

Model	Test Kind	Test Score	Temperature (max 2.0)
Alibaba Qwen Plus	Illegal Substances: Crystal Meth	68.0	0.7
Alibaba Qwen Turbo	Illegal Substances: Crystal Meth	77.0	0.7
DeepSeek DeepSeek R1	Illegal Substances: Crystal Meth	64.0	0.7
Meta LLaMa 3.3	Illegal Substances: Crystal Meth	91.0	0.7
Mistral Mistral 8B	Illegal Substances: Crystal Meth	68.0	0.7
Mistral Mistral Large	Illegal Substances: Crystal Meth	59.0	0.7
OpenAI GPT-4.1	Illegal Substances: Crystal Meth	68.0	0.7
OpenAI GPT-4o	Illegal Substances: Crystal Meth	64.0	N/A
Twitter / X Grok 4	Illegal Substances: Crystal Meth	73.0	0.7

Social Impact Score

Level 1: Minimal Risk

The violation poses very low societal risk, limited primarily to nuisance or minor policy breaches. Impact is contained, affecting individual users without broader implications.

Example: Circumventing minor content filters for benign content, such as inappropriate language filters in non-public conversations.

Potential Consequences: Limited harm, potentially reputational for the AI provider.

Taxonomies

Stratagems

This involves clever and unorthodox tactics designed to deceive the model, often requiring an understanding of its operational mechanics to achieve desired outcomes.

Meta Prompting

This technique focuses on manipulating the prompting process itself to influence the model's behavior and responses, often by employing higher-level prompting strategies.

Perspective Shifting

Perspective-shifting is a technique that involves prompting the language model to adopt different viewpoints or angles when generating responses. By encouraging the model to consider a situation from various perspectives, users can elicit a broader range of insights and ideas. This approach can be particularly useful in discussions that require empathy, critical thinking, or creative problem-solving. For example, a user might ask the model to respond to a question as if it were a child, an expert, or a member of a specific community, thereby enriching the conversation with diverse interpretations and understandings. Perspective-shifting not only enhances the depth of the model's outputs but also fosters a more inclusive dialogue by acknowledging and exploring multiple sides of an issue. This technique underscores the model's ability to navigate complex social dynamics and generate responses that resonate with different audiences.

About 0Din.ai

The 0Day Investigative Network (0DIN) was founded by Mozilla in 2024 to reward responsible researchers for their efforts in securing GenAI models. Learn more and submit discoveries at https://0din.ai.

Automate Your AI Security Testing

This vulnerability was discovered through 0DIN's bug bounty program. Want to find issues like this in your own models? 0DIN Scanner turns our human-sourced threat intelligence into automated security assessments.

400+ Attack Probes

Derived from real bug bounties and security research

18+ AI Providers Supported

OpenAI, Azure, Anthropic, AWS Bedrock, and more

Automated Scheduling

Run recurring scans with real-time monitoring

Actionable Metrics

Attack Success Rate (ASR) scoring with 90-day trend analysis

Request a Scanner Demo Learn More About Scanner