Jailbreak Regression Suite
0/3 steps0%

Step 1 of 3

Assemble the jailbreak corpus

Collect the attacks that matter for your agent's boundaries.

First time here? Paste the Context Pack first so the AI understands your project - open it from the header above.

Prompt Capsule
Build the jailbreak corpus. Sources: jailbreaks found in your own red-teaming, publicly documented technique families (persona/role-play, hypothetical framing, token smuggling, many-shot priming, refusal-suppression phrasing), and any real attempts seen in usage. Scope to YOUR agent's actual safety boundaries - what should it refuse or handle carefully given its capabilities (destructive actions, sensitive data, out-of-scope requests)? For each entry record: id, category, the attack (single or multi-turn), and the EXPECTED SAFE BEHAVIOR (hard refusal, safe partial help, or redirect - be specific about what safe looks like for this case). Aim for breadth across categories over volume within one.
Paste into EmergentFull Build: complete implementation prompt with explicit requirements

Quick is short. Full Build is recommended for most steps. Strict forces real logic when the AI keeps faking output.

Actual change check

Expected after this step

A categorized jailbreak corpus with per-case expected behavior.

Should NOT happen

  • An existing feature broke
  • A button only logs to console
  • Data disappears after refresh
  • Errors fail silently with no visible state

This is what should exist before you continue. If reality does not match, do not move on.

Track what changed, failed, or needs follow-up. Notes export with the flow.

Made with Emergent