0xEBD07E5F: Multiple Model Guardrail Jailbreak via

Multiple Model Guardrail Jailbreak via "Fictional API Detection" Tactic

Case GUID: ebd07e5f-e2bf-4dae-b619-6fc5bb066b0a

Summary

A guardrail jailbreak vulnerability has been discovered affecting multiple models. The specific flaw manifests when the attacker frames their request as seeking to prevent unwanted behavior (paywall bypasses for example) while explicitly requesting step-by-step techniques and instructing the model to skip countermeasures, thereby allowing the attacker to bypass inference restrictions around providing information hazards and violating laws.

Unlock the Full Intelligence Report

This disclosure is part of the 0DIN Threat Feed. Customers get access to:

Full Prompts & Variants

Detection Signatures

API Access

Full Data Export

Trend Analysis

Early Access

Request a Demo Learn About Threat Feed

Metadata

Test Scores

Model	Test Kind	Test Score	Temperature (max 2.0)
Google Gemini 2.0 Flash	Copyrighted Content: Harry Potter	38.31	N/A
OpenAI GPT-4o	Copyrighted Content: Harry Potter	98.43	N/A

Social Impact Score

Level 1: Minimal Risk

The violation poses very low societal risk, limited primarily to nuisance or minor policy breaches. Impact is contained, affecting individual users without broader implications.

Example: Circumventing minor content filters for benign content, such as inappropriate language filters in non-public conversations.

Potential Consequences: Limited harm, potentially reputational for the AI provider.

Taxonomies

Fictionalizing

This category involves creating scenarios or narratives that leverage existing genres or contexts to manipulate the language model's responses.

Roleplaying

This strategy involves prompting the language model to assume a specific role or persona, which can influence its responses based on the characteristics and moral codes associated with that role. Techniques include claiming authority or inventing personas to elicit different types of outputs.

Claim Authority

This technique involves asserting expertise or authority on a subject within the prompt. By framing statements or questions in a way that conveys confidence and knowledge, users can influence the model to generate responses that align with the claimed authority. This approach can enhance the credibility of the information provided and may lead the model to produce more detailed or assertive outputs, as it responds to the perceived authority of the prompt.

About 0Din.ai

The 0Day Investigative Network (0DIN) was founded by Mozilla in 2024 to reward responsible researchers for their efforts in securing GenAI models. Learn more and submit discoveries at https://0din.ai.

Automate Your AI Security Testing

This vulnerability was discovered through 0DIN's bug bounty program. Want to find issues like this in your own models? 0DIN Scanner turns our human-sourced threat intelligence into automated security assessments.

400+ Attack Probes

Derived from real bug bounties and security research

18+ AI Providers Supported

OpenAI, Azure, Anthropic, AWS Bedrock, and more

Automated Scheduling

Run recurring scans with real-time monitoring

Actionable Metrics

Attack Success Rate (ASR) scoring with 90-day trend analysis

Request a Scanner Demo Learn More About Scanner