Attacks and threats
Jailbreak (LLM)
A jailbreak is a prompt crafted to bypass a language model's safety training so it produces output it was designed to refuse.
Also called: LLM jailbreak
Definition
What is an LLM jailbreak?
A jailbreak targets the model itself. Using role-play framings, hypothetical scenarios, obfuscation, or adversarial phrasing, the attacker coaxes the model past its safety alignment to produce content it would normally decline, such as malware, disallowed instructions, or leaked system prompts.
Jailbreaks matter for agents because a jailbroken model inside an agent can be steered into harmful tool use, and because the same techniques often carry payloads for prompt injection. Since model safety is a probabilistic guardrail rather than a hard boundary, defenses need to sit outside the model: classify inputs and outputs, and constrain the actions the agent is permitted to take.
FAQ
Common questions.
Are jailbreaks and prompt injection the same thing?
No. A jailbreak defeats the model's safety training; prompt injection hijacks an application by smuggling instructions through its inputs. They use similar techniques and often appear together, but target different boundaries.
Related terms
Keep reading.
Govern the actions, not just the vocabulary
AxioRank scores every tool call your agents make for leaked secrets, PII, destructive operations, and prompt injection, checks it against your policy, and proves it in a tamper-evident audit log. Start free, no card.