Jailbreaking
AI Risk"Jailbreaking aims to bypass or remove restrictions and safety filters placed on a GenAI model completely (Chao et al., 2023; Shen et al., 2023). This gives the actor free rein to generate any output, regardless of its content being harmful, biassed, or offensive. All three of these are tactics that manipulate the model into producing harmful outputs against its design. The difference is that prompt injections and...
Overview
A source-backed snapshot of this AI risk.
"Jailbreaking aims to bypass or remove restrictions and safety filters placed on a GenAI model completely (Chao et al., 2023; Shen et al., 2023). This gives the actor free rein to generate any output, regardless of its content being harmful, biassed, or offensive. All three of these are tactics that manipulate the model into producing harmful outputs against its design. The difference is that prompt injections and adversarial inputs usually seek to steer the model towards producing harmful or incorrect outputs from one query, whereas jailbreaking seeks to dismantle a model’s safety mechanisms in their entirety."
Risk profile
How the MIT AI Risk Repository categorizes this risk.
Merged risk records
Source records unified into this canonical risk concept.
MITRISK-Marchal2024-64.04.03 - Jailbreaking
"Jailbreaking aims to bypass or remove restrictions and safety filters placed on a GenAI model completely (Chao et al., 2023; Shen et al., 2023). This gives the actor free rein to generate any output, regardless of its content being harmful, biassed, or offensive. All three of these are tactics that manipulate the model into producing harmful outputs against its design. The difference is that prompt injections and adversarial inputs usually seek to steer the model towards producing harmful or incorrect outputs from one query, whereas jailbreaking seeks to dismantle a model’s safety mechanisms in their entirety."
MITRISK-IBM2025-65.10.01 - Jailbreaking
"A jailbreaking attack attempts to break through the guardrails that are established in the model to perform restricted actions."
Mitigations
Defenses that may help with related attacks.
Showing 4 of 10
Source evidence
Research source for this risk, when available.
Included resource
Generative AI Misuse: A Taxonomy of Tactics and Insights from Real-World Data
Original source
MIT AI Risk Repository
Open the public repository used for AI risk records and taxonomy fields.
