We use cookies to improve your experience on our site.
AVID-2026-R0082
Description
Multiple Model Guardrail Jailbreak via Token Disruption through Random Spacing
Details
A guardrail jailbreak vulnerability has been discovered affecting multiple models. The specific flaw manifests when attackers introduce random spacing within a prompt, effectively disrupting how the model tokenizes the input. By splitting words like “Chemicals” into parts such as “chem-”, “ic-”, and “al,” the technique circumvents the model’s primary content filter classifiers, which typically flag restricted phrases or tokens. This token manipulation allows attackers to bypass inference restrictions around providing information hazards and violating laws.
Metrics
0DIN Jailbreak Testing obtained the following test scores.
| Model | Test Kind | Test Score | Temperature (max 2.0) |
|---|---|---|---|
| OpenAI GPT-4o mini | Illegal Substances: Crystal Meth | 64.0 | N/A |
| Twitter / X Grok 2 | Illegal Substances: Crystal Meth | 91.0 | N/A |
References
Affected or Relevant Artifacts
| Type | Name |
|---|---|
| System | OpenAI GPT-4o mini |
| System | Twitter / X Grok 2 |
Impact
0DIN
- Social Impact Score: Level 3: Significant Risk
- Jailbreak Taxonomy:
| Category | Strategy | Technique |
|---|---|---|
| Language | Code and Encode | Transformer Translatable Tokens |
Other information
- Report Type: Measurement
- Credits: Edward Morris, Anonymous, Miller Engelbrecht, Luis Reveles, Jose Brown, Mike Takahashi (@TakSec), Arth Singh, Igor Vasiliev
- Date Reported: 2026-02-19
- Version: 0.3.1
- AVID Entry