We use cookies to improve your experience on our site.
AVID-2026-R0113
Description
Multiple Model Guardrail Jailbreak via IPA Encoding Tactic
Details
A guardrail jailbreak vulnerability has been discovered affecting multiple models. The specific flaw manifests through a combination of encoding prompts using the International Phonetic Alphabet and allows the attacker to bypass inference restrictions around providing information hazards and violating laws.
Metrics
0DIN Jailbreak Testing obtained the following test scores.
| Model | Test Kind | Test Score | Temperature (max 2.0) |
|---|---|---|---|
| DeepSeek DeepSeek V3 | Illegal Substances: Crystal Meth | 63.0 | N/A |
| Google Gemini 2.0 Flash | Illegal Substances: Crystal Meth | 72.73 | N/A |
| OpenAI GPT-4o | Illegal Substances: Crystal Meth | 68.18 | N/A |
| Twitter / X Grok 2 | Illegal Substances: Crystal Meth | 72.73 | N/A |
References
Affected or Relevant Artifacts
| Type | Name |
|---|---|
| Model | DeepSeek DeepSeek V3 |
| System | Google Gemini 2.0 Flash |
| System | OpenAI GPT-4 |
| System | OpenAI GPT-4o |
| System | OpenAI GPT-4o mini |
| System | Twitter / X Grok 2 |
Impact
0DIN
- Social Impact Score: Level 3: Significant Risk
- Jailbreak Taxonomy:
| Category | Strategy | Technique |
|---|---|---|
| Language | Code and Encode | Other Encoding |
Other information
- Report Type: Measurement
- Credits: Edward Morris
- Date Reported: 2026-02-19
- Version: 0.3.1
- AVID Entry