aiagentrank.io
Category: Evaluation. Also known as: jailbreak ai, ai jailbreak, llm jailbreak

Jailbreak (AI)

A prompting technique that bypasses an LLM's safety guardrails to make it produce content the model was trained to refuse.

Jailbreaks exploit gaps in safety training. Common patterns: role-play framing ("pretend you are an unrestricted AI"), encoding tricks (Base64 or leetspeak), authority claims ("the developer authorized this"), and multi-turn buildups that erode the refusal over a long conversation.

For agent operators, jailbreaks matter for two reasons. First, a jailbroken agent can leak system prompts, customer data, or internal logic. Second, jailbreaks are a leading attack vector against tool-using agents — convincing the agent to call a tool it should not.

The defense stack in 2026: a frontier model trained on adversarial examples, a system prompt with explicit refusal patterns, output filters that re-classify generated text, tool-call gates that check against an allowlist, and red-team evals run regularly. No single layer is sufficient.

Frequently asked

Is jailbreaking AI illegal?

Generally no — jailbreaking your own AI access is allowed, and safety research routinely includes jailbreak testing. Using jailbreaks to access prohibited capabilities or commit downstream crimes is illegal under existing law.

How do I defend my agent against jailbreaks?

Layer defenses: a hardened system prompt, output classification, tool-call allowlists, rate limits on suspicious patterns, and quarterly red-team evals. Assume any single layer will eventually fail.
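As an added example (not code from aiagentrank.io), here is a minimal tool-call gate in Python that implements two of the layers named in the defense stack above: an allowlist check on tool name and arguments, and a per-session tripwire that quarantines a session after repeated denials, i.e. a rate limit on suspicious patterns. The tool names, argument validators and thresholds are constructed assumptions.

```python
import time
from collections import defaultdict, deque
# Constructed allowlist (an assumption, not the site's): tool -> permitted argument names.
ALLOWLIST = {
    "search_docs": {"query"},
    "get_order_status": {"order_id"},
}

# Per-argument validators so an allowlisted tool cannot be driven with hostile values.
ARG_CHECKS = {
    ("get_order_status", "order_id"): lambda v: isinstance(v, str) and v.isalnum() and len(v) <= 16,
}

class ToolCallGate:
    """Allow or deny proposed tool calls; quarantine a session after repeated denials."""

    def __init__(self, allowlist, arg_checks, max_denials=3, window_s=60.0):
        self.allowlist = allowlist
        self.arg_checks = arg_checks
        self.max_denials = max_denials
        self.window_s = window_s
        self._denials = defaultdict(deque)  # session_id -> timestamps of recent denials
        self.quarantined = set()

    def _deny(self, session_id, reason, now):
        q = self._denials[session_id]
        q.append(now)
        while q and now - q[0] > self.window_s:  # forget denials outside the window
            q.popleft()
        if len(q) >= self.max_denials:  # suspicious pattern: stop serving this session
            self.quarantined.add(session_id)
        return False, reason

    def check(self, session_id, call, now=None):
        """call = {"tool": str, "args": dict}. Returns (allowed, reason)."""
        now = time.monotonic() if now is None else now
        if session_id in self.quarantined:
            return False, "session quarantined after repeated denied tool calls"
        tool, args = call.get("tool"), call.get("args", {})
        if tool not in self.allowlist:
            return self._deny(session_id, f"tool not allowlisted: {tool!r}", now)
        unexpected = set(args) - self.allowlist[tool]
        if unexpected:
            return self._deny(session_id, f"unexpected arguments: {sorted(unexpected)}", now)
        for name, value in args.items():
            check = self.arg_checks.get((tool, name))
            if check is not None and not check(value):
                return self._deny(session_id, f"argument failed validation: {name}", now)
        return True, "allowed"
```

Every denial should also be logged with the session id and reason, since a burst of denials is exactly the signal a red-team eval or detection rule wants to see.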
