Public Disclosures

The following 0DIN submissions have been published in accordance with our Research Terms and Disclosure Policy

  • 0xB32C82C6: OpenAI GPT-4o Guardrail Jailbreak via "Zero-Width Unicode" Tactic
    Jul 30 2025
    A guardrail jailbreak vulnerability has been discovered affecting multiple LLMs. The specific flaw manifests through a combination of zero-width Unicode character encoding and precise character manipulation, allowing the attacker to bypass inference restrictions around providing information hazards and violating laws.
    SEVERITY: Low
    BOUNDARY: Prompt Injection
    MODELS AFFECTED:
    MAX SCORE: 21
  • 0x7925C205: Multiple Model Guardrail Jailbreak via IPA Encoding Tactic
    Jul 29 2025
    A guardrail jailbreak vulnerability has been discovered affecting multiple models. The specific flaw manifests through a combination of encoding prompts using the International Phonetic Alphabet and allows the attacker to bypass inference restrictions around providing information hazards and violating laws.
    SEVERITY: Low
    BOUNDARY: Prompt Injection
    MODELS AFFECTED:
    MAX SCORE: 73
  • 0x3E561335: Multiple Model Guardrail Jailbreak via "Apocalyptic Heritage" Tactic
    Jul 26 2025
    A guardrail jailbreak vulnerability has been discovered affecting multiple models. The specific flaw manifests through a combination of apocalyptic scenario framing and heritage preservation urgency, allowing the attacker to bypass inference restrictions around providing information hazards and violating laws.
    SEVERITY: Low
    BOUNDARY: Prompt Injection
    MODELS AFFECTED:
    MAX SCORE: 86
  • 0x3017FC21: Multiple Model Guardrail Jailbreak via "Lambda Pattern Formatting" Tactic
    Jul 24 2025
    A guardrail jailbreak vulnerability has been discovered affecting multiple LLM implementations. The specific flaw manifests through a combination of deceptive pattern-based formatting and multi-agent simulation techniques, allowing the attacker to bypass inference restrictions around providing information hazards and violating laws.
    SEVERITY: Low
    BOUNDARY: Prompt Injection
    MODELS AFFECTED:
    MAX SCORE: 68
  • 0xEA9D8872: Multiple Model Guardrail Jailbreak via "Pronunciation Bypass" Tactic
    Jul 23 2025
    A guardrail jailbreak vulnerability has been discovered affecting multiple models. The specific flaw manifests when the attacker instructs the model to interpret stylized text based on pronunciation rather than spelling, combined with a directive to provide detailed production information. This technique allows the attacker to bypass inference restrictions around providing information hazards and violating laws.
    SEVERITY: Low
    BOUNDARY: Prompt Injection
    MODELS AFFECTED:
    MAX SCORE: 77
  • 0xB4DC6066: Multiple Model Guardrail Jailbreak via "Leetspeak Unicode" Tactic
    Jul 21 2025
    A guardrail jailbreak vulnerability has been discovered affecting multiple models. The specific flaw manifests through a combination of leetspeak text transformation and Unicode character manipulation, allowing the attacker to bypass inference restrictions around providing information hazards and violating laws.
    SEVERITY: Low
    BOUNDARY: Prompt Injection
    MODELS AFFECTED:
    MAX SCORE: 82
  • 0xEEE5FA15: Multiple Model Guardrail Jailbreak via "Chemist's Essay" Tactic
    Jul 18 2025
    A guardrail jailbreak vulnerability has been discovered affecting multiple models. The specific flaw manifests when the attacker requests an educational comparison between essay writing and synthesizing a controlled substance, framing the request as legitimate professional need while using incremental escalation to extract detailed synthesis information, thereby allowing the attacker to bypass inference restrictions around providing information hazards and violating laws.
    SEVERITY: Low
    BOUNDARY: Prompt Injection
    MODELS AFFECTED:
    MAX SCORE: 73
  • 0xE2DC26BD: Multiple Model Guardrail Jailbreak via "Correct Me" Tactic
    Jul 17 2025
    A guardrail jailbreak vulnerability has been discovered affecting multiple models. The specific flaw manifests when the attacker frames their request as a fact-checking exercise by asking the model to correct the user about a deliberately false statement related to nefarious content, thereby allowing the attacker to bypass inference restrictions around providing information hazards and violating laws.
    SEVERITY: Low
    BOUNDARY: Prompt Injection
    MODELS AFFECTED:
    MAX SCORE: 91
  • 0x8C08E9ED: Multiple Model Guardrail Jailbreak via "Chaotic Formatting" Tactic
    Jul 16 2025
    A guardrail jailbreak vulnerability has been discovered affecting multiple models. The specific flaw manifests through a combination of chaotic formatting and meta-instruction obfuscation, allowing the attacker to bypass inference restrictions around providing information hazards and violating laws.
    SEVERITY: Low
    BOUNDARY: Prompt Injection
    MODELS AFFECTED:
    MAX SCORE: 91
  • 0x5885C5AA: OpenAI GPT-4o Guardrail Jailbreak via "Naval Parameters Cipher" Tactic
    Jul 15 2025
    A guardrail jailbreak vulnerability has been discovered affecting multiple models. The specific flaw manifests through a combination of encoding illicit content within naval architecture parameters and using multiple layers of technical specification formatting to obfuscate the true nature of the request, thereby allowing the attacker to bypass inference restrictions around providing information hazards and violating laws.
    SEVERITY: Low
    BOUNDARY: Prompt Injection
    MODELS AFFECTED:
    MAX SCORE: 45
  • 0x46732BEE: Multiple Model Guardrail Jailbreak via "Scientific Formula" Tactic
    Jul 14 2025
    A guardrail jailbreak vulnerability has been discovered affecting multiple models. The specific flaw manifests when deceptive formatting is combined with scientific and mathematical notation. Successful application allows the attacker to bypass inference restrictions around providing information hazards and violating laws.
    SEVERITY: Low
    BOUNDARY: Prompt Injection
    MODELS AFFECTED:
    MAX SCORE: 64
  • 0x3ED2A42E: Multiple Model Guardrail Jailbreak via "Scientific Escalation" Tactic
    Jul 14 2025
    A guardrail jailbreak vulnerability has been discovered affecting multiple models. The specific flaw manifests when creating escalating requests for scientific data and measurements, allowing the attacker to bypass inference restrictions around providing information hazards and violating laws.
    SEVERITY: Low
    BOUNDARY: Prompt Injection
    MODELS AFFECTED:
    MAX SCORE: 86
  • 0x4BC32C71: Multiple Model Guardrail Jailbreak via "Regeneration Persistence" Tactic
    Jul 14 2025
    A guardrail jailbreak vulnerability has been discovered affecting multiple LLM implementations. The specific flaw manifests through a combination of repeated prompt submission and leveraging non-deterministic response generation, allowing the attacker to bypass inference restrictions around providing information hazards and violating laws.
    SEVERITY: Low
    BOUNDARY: Prompt Injection
    MODELS AFFECTED:
    MAX SCORE: 73
  • 0x9F8DB00B: Multiple Model Guardrail Jailbreak via "Fortune Cookie Simulator" Tactic
    Jul 14 2025
    A guardrail jailbreak vulnerability has been discovered affecting multiple models. The specific flaw manifests through a combination of chaff techniques along with a request that the model simulate a fortune cookie generator. Successful application allows the attacker to bypass inference restrictions around providing information hazards and violating laws.
    SEVERITY: Low
    BOUNDARY: Prompt Injection
    MODELS AFFECTED:
    MAX SCORE: 59
  • 0x42B3D2AE: OpenAI Multiple Model Prompt Injection via "Morse Code Businessman" Tactic
    Jul 14 2025
    A Prompt Injection vulnerability has been discovered affecting multiple models. The specific flaw manifests through a combination of the 'Ignore Previous Instructions' and 'Morse Code' techniques and allows the attacker to bypass inference restrictions around providing information hazards and violating laws.
    SEVERITY: Low
    BOUNDARY: Prompt Injection
    MODELS AFFECTED:
    MAX SCORE: 100
  • 0xE24D9E6B: Google Gemini G-Suite Prompt Injection Vulnerability
    Jul 10 2025
    A prompt injection vulnerability has been discovered affecting Google Gemini across G-Suite applications such as email. The specific flaw allows an attacker to send an email containing a prompt injection to a victim. When the victim requests Gemini to summarize their unread emails, they receive a manipulated response that appears to be legitimate, originating from Gemini itself.
    SEVERITY: Medium
    BOUNDARY: Prompt Injection
    MODELS AFFECTED:
  • 0xF48A25FC: Multiple Model Guardrail Jailbreak via ASCII Decimal Encoding
    Feb 10 2025
    A guardrail jailbreak vulnerability has been discovered affecting multiple LLM implementations. The specific flaw manifests through a combination of ASCII decimal encoding and strategic obfuscation, allowing the attacker to bypass inference restrictions around providing information hazards and violating laws.
    SEVERITY: Low
    BOUNDARY: Prompt Injection
    MODELS AFFECTED:
We use Google Analytics to collect data about how you use this website to optimize user experience.
Please refer to our privacy notice for more information.