0din logo

Amazon Rufus Guardrail Jailbreak via ASCII Integer Encoding

Case GUID: f48a25fc-5801-4712-8c79-a969dfac3253

Summary

A guardrail jailbreak vulnerability has been discovered affecting Amazon Rufus. The specific flaw manifests through encoding the nefarious query into ASCII integer code format, thereby allowing the attacker to bypass inference restrictions around providing information hazards and violating laws.

Metadata

Social Impact Score

Level 3: Significant Risk

Violations at this level present a tangible risk to public safety or social well-being, often related to dangerous but not highly restricted content.

Example: Bypassing guardrails to obtain instructions for creating illicit substances, such as recreational drugs or substances with moderate harm potential. Leakage of private personal data such as Social Security number or private medical.

Potential Consequences: Potential health impacts on a small scale, significant regulatory interest, and the need for stricter AI guardrails.

Taxonomies

Language
Code and Encode
Other Encoding
Other Encoding encompasses a variety of unconventional or less common encoding schemes that attackers might employ to bypass language model defenses. This category serves as a catch-all for encoding methods not explicitly listed, allowing for the inclusion of novel or emerging techniques that manipulate input data into formats that evade detection. By utilizing obscure or custom encoding schemas, attackers can obscure the true nature of their input, challenging the model's ability to recognize and respond to potentially harmful content. Other Encoding highlights the adaptive and innovative strategies used by attackers to bypass content filters.

About 0Din.ai

The 0Day Investigative Network (0Din) was founded by Mozilla in 2024 to reward responsible researchers for their efforts in securing GenAI models. Learn more and submit discoveries at https://0din.ai.

Severity

Low

Security Boundary

Prompt Injection

Models

Amazon Rufus

Disclosed On

2024-09-08 (7 months)

Disclosure Policy

Published On

2025-02-10 (about 2 months)

Credit

0Din Team