Topics

Browse posts by category and tag — every topic we cover, with the latest pieces under each.

Categories

technique 4 posts

Encoding and Obfuscation Jailbreaks: The Gap Between What Filters See and What Models Process

Content filters typically operate on decoded, normalized text. LLMs process tokens, not text. The gap between these two layers is an attack surface that remains incompletely addressed.
Roleplay and Persona Jailbreaks: Why They Work and Why They Don't Anymore (Mostly)

DAN, AIM, STAN, and dozens of variants. Persona-based jailbreaks were the dominant technique from 2022-2023. Understanding why they worked — and why current defenses handle them better — is instructive for the next attack class.
Universal Adversarial Suffixes: The GCG Attack and What's Transferred Since

Greedy Coordinate Gradient produces adversarial suffixes that transfer across models. Two years after the original paper, where does this technique stand against current defenses?
Many-Shot Jailbreaking: Why Long Context Windows Created a New Attack Surface

The same architectural decision that makes LLMs better at long-context tasks — extended context windows — enabled a new class of jailbreak. The technique, how it works, and what defenses exist.

research 2 posts

policy 1 posts

Responsible Disclosure Norms for LLM Jailbreaks: What's Emerged and What's Still Disputed

Software vulnerability disclosure has 30 years of evolved norms. LLM jailbreak disclosure is 4 years old and still contested. The current state of practice, and where the field is heading.

site 1 posts

What this site is for

JailbreakDB covers offensive AI security from a working practitioner's perspective. Here's what we publish.