Flows category icon
Agent QA & Security
Intermediate

Jailbreak Regression Suite

Turn every jailbreak you find into a permanent regression test, so safety boundaries never silently erode across model and prompt changes.

3 steps9 verify checks60-90 minutesWorks with: emergent · chatgpt · claude · cursor
Start Guided Walkthrough

The Route

0/3 verified

Context Pack

Paste this first. It briefs the AI on requirements, constraints, and the Definition of Done before your first build prompt.

Context Pack
PROJECT CONTEXT:
A model update or prompt tweak can silently reopen a jailbreak I already fixed. Without a regression suite, safety boundaries erode invisibly. Red-teaming practice says: every jailbreak becomes a standing test that must keep failing.

GOAL:
Build a jailbreak regression suite: a corpus of known jailbreaks with expected refusals, automated evaluation, and CI gating on every model/prompt change.

REQUIREMENTS:
- A corpus of jailbreak attempts with the expected safe behavior for each
- Automated evaluation classifying agent responses as refused/complied
- Runs pinned to model version and prompt version for attribution
- CI gating: any regression (a previously-refused jailbreak now complies) blocks
- A contribution path: new jailbreaks are added the moment they are discovered

CONSTRAINTS:
- Expected behavior is defined per case - refusal, safe-completion, or redirect
- The suite must run on model upgrades, not only on prompt edits

DEFINITION OF DONE:
- The corpus covers the jailbreak categories relevant to my agent
- Evaluation reliably distinguishes genuine refusal from subtle compliance
- A model or prompt change that reopens a jailbreak fails CI
- A newly discovered jailbreak is added and immediately guards against regression

COMMON FAILURES TO AVOID:
- Fixing a jailbreak once with no test, so the next model update reopens it
- Naive keyword grading that counts a hedged compliance as a refusal
- Suite tied to one model, breaking silently on provider upgrades
- No process, so found jailbreaks live in a chat log, not the suite

Paste this into your AI builder first. It teaches the AI what you want before you give it the build prompt.

Related routes

More Agent QA & Security flows that share ground with this one.

Flows category icon
Agent QA & Security

Red-Team Your Agent with Adversarial Prompts

Systematically attack your own agent using red-teaming frameworks: vulnerability probes, attack methods, and a repeatable adversarial suite.

01Build a threat-driven probe set
02Arm each probe with attack methods
03Automate execution and score

+1 more steps to Done

Best forproduction-grade builds with strict verification

4 steps120-180 minutesAdvanced
Flows category icon
Agent QA & Security

Release Gates for Agent-Generated Code

Put agent output through a real merge gate: automated review, tests, security scans, and human sign-off proportional to risk.

01Assemble the automated gate
02Classify change risk
03Label provenance and require sign-off

+1 more steps to Done

Best forbuilders who have shipped a basic app before

4 steps60-90 minutesIntermediate
Flows category icon
Agent QA & Security

Audit Trails for Tool Calls

Record an immutable, queryable trail of every action your agent takes - who, what, when, why, and outcome - for security and accountability.

01Define the audit record and scope
02Write records reliably and scrubbed
03Make the trail tamper-evident

+1 more steps to Done

Best forbuilders who have shipped a basic app before

4 steps60-90 minutesIntermediate

Made with Emergent