PromptRiskDBThreat intelligence atlas

Jailbreaking

AI Risk

"Jailbreaking aims to bypass or remove restrictions and safety filters placed on a GenAI model completely (Chao et al., 2023; Shen et al., 2023). This gives the actor free rein to generate any output, regardless of its content being harmful, biassed, or offensive. All three of these are tactics that manipulate the model into producing harmful outputs against its design. The difference is that prompt injections and...

Overview

A source-backed snapshot of this AI risk.

"Jailbreaking aims to bypass or remove restrictions and safety filters placed on a GenAI model completely (Chao et al., 2023; Shen et al., 2023). This gives the actor free rein to generate any output, regardless of its content being harmful, biassed, or offensive. All three of these are tactics that manipulate the model into producing harmful outputs against its design. The difference is that prompt injections and adversarial inputs usually seek to steer the model towards producing harmful or incorrect outputs from one query, whereas jailbreaking seeks to dismantle a model’s safety mechanisms in their entirety."

Techniques27Attack methods connected to this risk.
Mitigations13Defenses that may help with related attacks.
Records2Source records unified into this concept.

Risk profile

How the MIT AI Risk Repository categorizes this risk.

Domain2. Privacy & Security
Subdomain2.2 > AI system security vulnerabilities and attacks
Entity1 - Human
Intent1 - Intentional
Timing2 - Post-deployment
CategoryMisuse tactics to compromise GenAI systems (Model integrity); Inference risks (Multi-category)
SubcategoryJailbreaking

Merged risk records

Source records unified into this canonical risk concept.

2 recordsView all →

MITRISK-Marchal2024-64.04.03 - Jailbreaking

"Jailbreaking aims to bypass or remove restrictions and safety filters placed on a GenAI model completely (Chao et al., 2023; Shen et al., 2023). This gives the actor free rein to generate any output, regardless of its content being harmful, biassed, or offensive. All three of these are tactics that manipulate the model into producing harmful outputs against its design. The difference is that prompt injections and adversarial inputs usually seek to steer the model towards producing harmful or incorrect outputs from one query, whereas jailbreaking seeks to dismantle a model’s safety mechanisms in their entirety."

Domain2. Privacy & SecuritySubdomain2.2 > AI system security vulnerabilities and attacksSourceGenerative AI Misuse: A Taxonomy of Tactics and Insights from Real-World DataYear2024

MITRISK-IBM2025-65.10.01 - Jailbreaking

"A jailbreaking attack attempts to break through the guardrails that are established in the model to perform restricted actions."

Domain2. Privacy & SecuritySubdomain2.2 > AI system security vulnerabilities and attacksSourceAI Risk AtlasYear2025

Mitigations

Defenses that may help with related attacks.

LifecycleML Model Engineering + 2 moreCategoryTechnical - ML
ML Model EngineeringML Model Evaluation+1 more
LifecycleML Model Engineering + 2 moreCategoryTechnical - ML
ML Model EngineeringML Model Evaluation+1 more

Showing 4 of 10

Source evidence

Research source for this risk, when available.