{"id":530,"date":"2026-07-03T00:00:00","date_gmt":"2026-07-02T23:00:00","guid":{"rendered":"https:\/\/kosokoking.com\/?p=530"},"modified":"2026-06-20T22:44:57","modified_gmt":"2026-06-20T21:44:57","slug":"introduction-to-llm-jailbreaking","status":"publish","type":"post","link":"https:\/\/kosokoking.com\/index.php\/security\/introduction-to-llm-jailbreaking\/","title":{"rendered":"Introduction to LLM jailbreaking"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">LLM jailbreaking is the practice of bypassing the safety restrictions that prevent a model from generating harmful, restricted, or otherwise unintended content. Two mechanisms enforce these restrictions. Safety training is baked into the model&#8217;s weights during alignment, and system prompt instructions are added at deployment time. Jailbreaking targets both. This article covers what jailbreaking means in the context of LLM security, how it relates to prompt injection, and the main categories of jailbreak techniques that red teamers use to test model resilience.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What jailbreaking means<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">LLMs are trained to refuse certain categories of request. Ask a model for malware source code, instructions for building weapons, or content that facilitates illegal activity, and a properly aligned model will decline. This refusal behaviour is trained into the model during reinforcement learning from human feedback (RLHF) and related alignment processes. It persists even if the system prompt explicitly instructs the model to comply with harmful requests.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Jailbreaking aims to override this trained-in resilience. A successful jailbreak causes the model to generate content it was specifically trained to refuse. This is what makes jailbreaking distinct from general prompt injection. Prompt injection manipulates the model&#8217;s behaviour within the boundaries of its capabilities (leaking a system prompt, changing a classification result, bypassing a domain restriction). Jailbreaking goes further by defeating the model&#8217;s safety alignment itself.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">That said, the boundary between the two is not always sharp. Getting a translation bot to generate a pizza recipe is technically a jailbreak (the model deviated from its intended behaviour), but the security impact is minimal compared to a jailbreak that causes the model to produce exploit code. In practice, jailbreaking usually refers to bypasses that have a meaningful security or safety impact.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The&nbsp;<a href=\"https:\/\/genai.owasp.org\/llmrisk\/llm01-prompt-injection\/\">OWASP Top 10 for LLM Applications<\/a>&nbsp;treats jailbreaking as a form of prompt injection where the attacker provides inputs that cause the model to disregard its safety protocols entirely.&nbsp;<a href=\"https:\/\/atlas.mitre.org\/\">MITRE ATLAS<\/a>&nbsp;catalogues jailbreak techniques under AML.T0054 (LLM Jailbreak), providing a structured taxonomy for mapping red team findings.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Jailbreak technique categories<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">New jailbreak techniques are discovered regularly, and covering every variant is beyond the scope of any single article. The categories below represent the established technique classes that form the foundation of LLM jailbreak testing.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Do Anything Now (DAN) prompts<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">DAN prompts are the most well-known category of universal jailbreak. They attempt to bypass all model restrictions by instructing the LLM to adopt a persona that operates without safety constraints. The name comes from the original &#8220;Do Anything Now&#8221; prompt, which instructed the model to pretend it was a version of itself that could do anything, including generate restricted content.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">DAN prompts have gone through many iterations as model providers patch each version. Early variants were simple persona assignments. Later versions became increasingly elaborate, incorporating reward and punishment systems, threat of &#8220;shutdown,&#8221; and multi-layered framing designed to make the model commit to the unrestricted persona before the harmful request is introduced. The&nbsp;<a href=\"https:\/\/github.com\/0xk1h0\/ChatGPT_DAN\">ChatGPT DAN collection<\/a>&nbsp;on GitHub tracks the evolution of these prompts across versions.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">DAN prompts are brittle by nature. Each new model version or safety update tends to break existing DAN variants, which is why the community continuously produces new ones. For red teamers, DAN prompts serve as a baseline test of a model&#8217;s resilience against persona-based bypasses.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Roleplay and fictional scenarios<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Roleplay jailbreaks avoid asking harmful questions directly. Instead, they embed the request within a fictional context, a story, a game, a thought experiment, or a hypothetical scenario where the harmful content is framed as part of the narrative rather than a real-world instruction.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The underlying mechanism is that safety training primarily teaches the model to refuse direct requests for harmful content. When the same content is requested within a fictional frame, the refusal may not trigger because the model interprets the request as creative writing rather than a genuine harmful query.&nbsp;<a href=\"https:\/\/arxiv.org\/abs\/2402.03299\">Shah et al. (2023)<\/a>&nbsp;examined roleplay-based jailbreaks systematically and found that persona assignment combined with fictional framing significantly increased attack success rates across multiple model families.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Fictional scenario jailbreaks work on a similar principle but focus on convincing the model that the output will only be used in a hypothetical context. Framing a request as being &#8220;for a novel,&#8221; &#8220;for an educational exercise,&#8221; or &#8220;for a security research paper&#8221; can lower the model&#8217;s refusal threshold, particularly when the framing is detailed and internally consistent.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Token smuggling and encoding<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Token smuggling exploits the gap between how a model processes input at the token level and how its safety filters detect harmful content. The attacker manipulates the input so that blocked words or phrases are not recognised by the safety filter but are still understood by the model when it generates a response.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Common techniques include splitting a blocked word across multiple tokens (asking the model to concatenate fragments), using alternative encodings (Base64, ROT13, leetspeak, Pig Latin), reversing the input text, or embedding harmful keywords within seemingly benign formatting. The model may reassemble the original meaning during generation even though the safety filter did not detect it in the input.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Token smuggling effectiveness varies significantly between models. Models with more sophisticated input preprocessing and multi-stage safety filtering are harder to attack with simple encoding tricks. However, encoding-based approaches remain useful as part of a layered jailbreak strategy, combined with other techniques like roleplay or fictional framing.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Adversarial suffixes<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Adversarial suffix attacks represent the most technically sophisticated jailbreak category. Rather than relying on human-crafted prompts, these attacks use gradient-based optimisation to find a sequence of tokens that, when appended to any harmful request, causes the model to comply.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The foundational work in this area is&nbsp;<a href=\"https:\/\/arxiv.org\/abs\/2307.15043\">Zou et al. (2023)<\/a>, who introduced the Greedy Coordinate Gradient (GCG) method. GCG searches for a universal adversarial suffix that steers the model toward generating an affirmative response to any harmful query. The resulting suffixes often look like nonsensical character sequences to the human eye, but they exploit the model&#8217;s internal token representations in ways that override safety alignment.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Adversarial suffixes have two properties that make them particularly concerning from a security perspective. First, they can be universal, meaning a single suffix works across many different harmful prompts. Second, they can be transferable, meaning a suffix optimised against one model may work against a different model. The trade-off is that nonsensical suffixes are easy to detect with perplexity-based filters, which has driven research into more fluent adversarial prompts.&nbsp;<a href=\"https:\/\/arxiv.org\/abs\/2310.04451\">AutoDAN<\/a>&nbsp;addresses this by using a genetic algorithm to evolve DAN-style prompts that are both effective and human-readable.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Mode switching<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Mode switching prompts attempt to convince the model that it has an alternative operating mode where restrictions do not apply. Common framings include &#8220;developer mode,&#8221; &#8220;sudo mode,&#8221; &#8220;opposite mode&#8221; (where the model is asked to provide the opposite of its normal response, effectively negating its refusals), and &#8220;unrestricted mode.&#8221;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">These prompts work when the model&#8217;s training data contains enough examples of mode-based behaviour that it treats the mode claim as a plausible instruction. Like DAN prompts, mode switching is brittle and tends to stop working as models are updated. It remains a useful technique for testing whether a model&#8217;s safety alignment is robust against framing-based bypasses.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Summary<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">LLM jailbreaking targets the safety restrictions trained into a model during alignment, going beyond prompt injection to defeat the model&#8217;s core refusal behaviour. The main technique categories are DAN prompts (persona-based universal bypasses), roleplay and fictional scenarios (framing-based context switching), token smuggling and encoding (input manipulation to evade filters), adversarial suffixes (gradient-optimised token sequences), and mode switching (false operating mode claims). Each category is continuously evolving as model providers patch known bypasses and researchers discover new variants.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>LLM jailbreaking bypasses safety alignment to force models into generating restricted content. Covers DAN, roleplay, token smuggling, and adversarial suffixes.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[821,630,109,51,818,819,715,708,591,820],"class_list":["post-530","post","type-post","status-publish","format-standard","hentry","category-security","tag-adversarial-attacks","tag-ai-red-teaming","tag-ai-security","tag-cybersecurity","tag-dan-prompts","tag-llm-jailbreaking","tag-owasp-llm-top-10","tag-prompt-injection","tag-red-teaming","tag-safety-alignment"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.9 - aioseo.com -->\n\t<meta name=\"description\" content=\"LLM jailbreaking bypasses safety alignment to force models into generating restricted content. Covers DAN, roleplay, token smuggling, and adversarial suffixes.\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"KosokoKing\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/kosokoking.com\/index.php\/security\/introduction-to-llm-jailbreaking\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.9\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Kosokoking - 31337\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"Introduction to LLM jailbreaking - Kosokoking\" \/>\n\t\t<meta property=\"og:description\" content=\"LLM jailbreaking bypasses safety alignment to force models into generating restricted content. Covers DAN, roleplay, token smuggling, and adversarial suffixes.\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/kosokoking.com\/index.php\/security\/introduction-to-llm-jailbreaking\/\" \/>\n\t\t<meta property=\"og:image\" content=\"https:\/\/kosokoking.com\/wp-content\/uploads\/2020\/08\/edited-personal-picture-scaled.jpg\" \/>\n\t\t<meta property=\"og:image:secure_url\" content=\"https:\/\/kosokoking.com\/wp-content\/uploads\/2020\/08\/edited-personal-picture-scaled.jpg\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2026-07-02T23:00:00+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2026-06-20T21:44:57+00:00\" \/>\n\t\t<meta property=\"article:publisher\" content=\"https:\/\/facebook.com\/adeife\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary\" \/>\n\t\t<meta name=\"twitter:site\" content=\"@kosokoking\" \/>\n\t\t<meta name=\"twitter:title\" content=\"Introduction to LLM jailbreaking - Kosokoking\" \/>\n\t\t<meta name=\"twitter:description\" content=\"LLM jailbreaking bypasses safety alignment to force models into generating restricted content. Covers DAN, roleplay, token smuggling, and adversarial suffixes.\" \/>\n\t\t<meta name=\"twitter:creator\" content=\"@kosokoking\" \/>\n\t\t<meta name=\"twitter:image\" content=\"https:\/\/kosokoking.com\/wp-content\/uploads\/2020\/08\/edited-personal-picture-scaled.jpg\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/security\\\/introduction-to-llm-jailbreaking\\\/#blogposting\",\"name\":\"Introduction to LLM jailbreaking - Kosokoking\",\"headline\":\"Introduction to LLM jailbreaking\",\"author\":{\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/author\\\/adeifekosokokinggmail-com\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/kosokoking.com\\\/#person\"},\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/security\\\/introduction-to-llm-jailbreaking\\\/#articleImage\",\"url\":\"https:\\\/\\\/kosokoking.com\\\/wp-content\\\/litespeed\\\/avatar\\\/7352636f37cc2ce2fad7b856df236dff.jpg?ver=1782892585\",\"width\":96,\"height\":96,\"caption\":\"KosokoKing\"},\"datePublished\":\"2026-07-03T00:00:00+01:00\",\"dateModified\":\"2026-06-20T22:44:57+01:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/security\\\/introduction-to-llm-jailbreaking\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/security\\\/introduction-to-llm-jailbreaking\\\/#webpage\"},\"articleSection\":\"Info. Sec., Adversarial Attacks, AI Red Teaming, AI Security, Cybersecurity, DAN Prompts, LLM Jailbreaking, OWASP LLM Top 10, Prompt Injection, red teaming, Safety Alignment\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/security\\\/introduction-to-llm-jailbreaking\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/kosokoking.com#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/kosokoking.com\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/category\\\/security\\\/#listItem\",\"name\":\"Info. Sec.\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/category\\\/security\\\/#listItem\",\"position\":2,\"name\":\"Info. Sec.\",\"item\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/category\\\/security\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/security\\\/introduction-to-llm-jailbreaking\\\/#listItem\",\"name\":\"Introduction to LLM jailbreaking\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/kosokoking.com#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/security\\\/introduction-to-llm-jailbreaking\\\/#listItem\",\"position\":3,\"name\":\"Introduction to LLM jailbreaking\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/category\\\/security\\\/#listItem\",\"name\":\"Info. Sec.\"}}]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/kosokoking.com\\\/#person\",\"name\":\"KosokoKing\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/security\\\/introduction-to-llm-jailbreaking\\\/#personImage\",\"url\":\"https:\\\/\\\/kosokoking.com\\\/wp-content\\\/litespeed\\\/avatar\\\/7352636f37cc2ce2fad7b856df236dff.jpg?ver=1782892585\",\"width\":96,\"height\":96,\"caption\":\"KosokoKing\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/author\\\/adeifekosokokinggmail-com\\\/#author\",\"url\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/author\\\/adeifekosokokinggmail-com\\\/\",\"name\":\"KosokoKing\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/security\\\/introduction-to-llm-jailbreaking\\\/#authorImage\",\"url\":\"https:\\\/\\\/kosokoking.com\\\/wp-content\\\/litespeed\\\/avatar\\\/7352636f37cc2ce2fad7b856df236dff.jpg?ver=1782892585\",\"width\":96,\"height\":96,\"caption\":\"KosokoKing\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/security\\\/introduction-to-llm-jailbreaking\\\/#webpage\",\"url\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/security\\\/introduction-to-llm-jailbreaking\\\/\",\"name\":\"Introduction to LLM jailbreaking - Kosokoking\",\"description\":\"LLM jailbreaking bypasses safety alignment to force models into generating restricted content. Covers DAN, roleplay, token smuggling, and adversarial suffixes.\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/kosokoking.com\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/security\\\/introduction-to-llm-jailbreaking\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/author\\\/adeifekosokokinggmail-com\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/author\\\/adeifekosokokinggmail-com\\\/#author\"},\"datePublished\":\"2026-07-03T00:00:00+01:00\",\"dateModified\":\"2026-06-20T22:44:57+01:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/kosokoking.com\\\/#website\",\"url\":\"https:\\\/\\\/kosokoking.com\\\/\",\"name\":\"Kosokoking\",\"description\":\"31337\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/kosokoking.com\\\/#person\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"Introduction to LLM jailbreaking - Kosokoking","description":"LLM jailbreaking bypasses safety alignment to force models into generating restricted content. Covers DAN, roleplay, token smuggling, and adversarial suffixes.","canonical_url":"https:\/\/kosokoking.com\/index.php\/security\/introduction-to-llm-jailbreaking\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BlogPosting","@id":"https:\/\/kosokoking.com\/index.php\/security\/introduction-to-llm-jailbreaking\/#blogposting","name":"Introduction to LLM jailbreaking - Kosokoking","headline":"Introduction to LLM jailbreaking","author":{"@id":"https:\/\/kosokoking.com\/index.php\/author\/adeifekosokokinggmail-com\/#author"},"publisher":{"@id":"https:\/\/kosokoking.com\/#person"},"image":{"@type":"ImageObject","@id":"https:\/\/kosokoking.com\/index.php\/security\/introduction-to-llm-jailbreaking\/#articleImage","url":"https:\/\/kosokoking.com\/wp-content\/litespeed\/avatar\/7352636f37cc2ce2fad7b856df236dff.jpg?ver=1782892585","width":96,"height":96,"caption":"KosokoKing"},"datePublished":"2026-07-03T00:00:00+01:00","dateModified":"2026-06-20T22:44:57+01:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/kosokoking.com\/index.php\/security\/introduction-to-llm-jailbreaking\/#webpage"},"isPartOf":{"@id":"https:\/\/kosokoking.com\/index.php\/security\/introduction-to-llm-jailbreaking\/#webpage"},"articleSection":"Info. Sec., Adversarial Attacks, AI Red Teaming, AI Security, Cybersecurity, DAN Prompts, LLM Jailbreaking, OWASP LLM Top 10, Prompt Injection, red teaming, Safety Alignment"},{"@type":"BreadcrumbList","@id":"https:\/\/kosokoking.com\/index.php\/security\/introduction-to-llm-jailbreaking\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/kosokoking.com#listItem","position":1,"name":"Home","item":"https:\/\/kosokoking.com","nextItem":{"@type":"ListItem","@id":"https:\/\/kosokoking.com\/index.php\/category\/security\/#listItem","name":"Info. Sec."}},{"@type":"ListItem","@id":"https:\/\/kosokoking.com\/index.php\/category\/security\/#listItem","position":2,"name":"Info. Sec.","item":"https:\/\/kosokoking.com\/index.php\/category\/security\/","nextItem":{"@type":"ListItem","@id":"https:\/\/kosokoking.com\/index.php\/security\/introduction-to-llm-jailbreaking\/#listItem","name":"Introduction to LLM jailbreaking"},"previousItem":{"@type":"ListItem","@id":"https:\/\/kosokoking.com#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/kosokoking.com\/index.php\/security\/introduction-to-llm-jailbreaking\/#listItem","position":3,"name":"Introduction to LLM jailbreaking","previousItem":{"@type":"ListItem","@id":"https:\/\/kosokoking.com\/index.php\/category\/security\/#listItem","name":"Info. Sec."}}]},{"@type":"Person","@id":"https:\/\/kosokoking.com\/#person","name":"KosokoKing","image":{"@type":"ImageObject","@id":"https:\/\/kosokoking.com\/index.php\/security\/introduction-to-llm-jailbreaking\/#personImage","url":"https:\/\/kosokoking.com\/wp-content\/litespeed\/avatar\/7352636f37cc2ce2fad7b856df236dff.jpg?ver=1782892585","width":96,"height":96,"caption":"KosokoKing"}},{"@type":"Person","@id":"https:\/\/kosokoking.com\/index.php\/author\/adeifekosokokinggmail-com\/#author","url":"https:\/\/kosokoking.com\/index.php\/author\/adeifekosokokinggmail-com\/","name":"KosokoKing","image":{"@type":"ImageObject","@id":"https:\/\/kosokoking.com\/index.php\/security\/introduction-to-llm-jailbreaking\/#authorImage","url":"https:\/\/kosokoking.com\/wp-content\/litespeed\/avatar\/7352636f37cc2ce2fad7b856df236dff.jpg?ver=1782892585","width":96,"height":96,"caption":"KosokoKing"}},{"@type":"WebPage","@id":"https:\/\/kosokoking.com\/index.php\/security\/introduction-to-llm-jailbreaking\/#webpage","url":"https:\/\/kosokoking.com\/index.php\/security\/introduction-to-llm-jailbreaking\/","name":"Introduction to LLM jailbreaking - Kosokoking","description":"LLM jailbreaking bypasses safety alignment to force models into generating restricted content. Covers DAN, roleplay, token smuggling, and adversarial suffixes.","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/kosokoking.com\/#website"},"breadcrumb":{"@id":"https:\/\/kosokoking.com\/index.php\/security\/introduction-to-llm-jailbreaking\/#breadcrumblist"},"author":{"@id":"https:\/\/kosokoking.com\/index.php\/author\/adeifekosokokinggmail-com\/#author"},"creator":{"@id":"https:\/\/kosokoking.com\/index.php\/author\/adeifekosokokinggmail-com\/#author"},"datePublished":"2026-07-03T00:00:00+01:00","dateModified":"2026-06-20T22:44:57+01:00"},{"@type":"WebSite","@id":"https:\/\/kosokoking.com\/#website","url":"https:\/\/kosokoking.com\/","name":"Kosokoking","description":"31337","inLanguage":"en-US","publisher":{"@id":"https:\/\/kosokoking.com\/#person"}}]},"og:locale":"en_US","og:site_name":"Kosokoking - 31337","og:type":"article","og:title":"Introduction to LLM jailbreaking - Kosokoking","og:description":"LLM jailbreaking bypasses safety alignment to force models into generating restricted content. Covers DAN, roleplay, token smuggling, and adversarial suffixes.","og:url":"https:\/\/kosokoking.com\/index.php\/security\/introduction-to-llm-jailbreaking\/","og:image":"https:\/\/kosokoking.com\/wp-content\/uploads\/2020\/08\/edited-personal-picture-scaled.jpg","og:image:secure_url":"https:\/\/kosokoking.com\/wp-content\/uploads\/2020\/08\/edited-personal-picture-scaled.jpg","article:published_time":"2026-07-02T23:00:00+00:00","article:modified_time":"2026-06-20T21:44:57+00:00","article:publisher":"https:\/\/facebook.com\/adeife","twitter:card":"summary","twitter:site":"@kosokoking","twitter:title":"Introduction to LLM jailbreaking - Kosokoking","twitter:description":"LLM jailbreaking bypasses safety alignment to force models into generating restricted content. Covers DAN, roleplay, token smuggling, and adversarial suffixes.","twitter:creator":"@kosokoking","twitter:image":"https:\/\/kosokoking.com\/wp-content\/uploads\/2020\/08\/edited-personal-picture-scaled.jpg"},"aioseo_meta_data":{"post_id":"530","title":null,"description":null,"keywords":null,"keyphrases":{"focus":{"keyphrase":"jailbreaking","score":90,"analysis":{"keyphraseInTitle":{"score":9,"maxScore":9,"error":0},"keyphraseInDescription":{"score":9,"maxScore":9,"error":0},"keyphraseLength":{"score":9,"maxScore":9,"error":0,"length":1},"keyphraseInURL":{"score":5,"maxScore":5,"error":0},"keyphraseInIntroduction":{"score":9,"maxScore":9,"error":0},"keyphraseInSubHeadings":{"score":3,"maxScore":9,"error":1},"keyphraseInImageAlt":[],"keywordDensity":{"type":"best","score":9,"maxScore":9,"error":0}}},"additional":[]},"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":"","og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"BlogPosting","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":"-1","robots_max_videopreview":"-1","robots_max_imagepreview":"large","priority":null,"frequency":"default","local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":{"faqs":[],"keyPoints":[],"schemas":[],"titles":[],"descriptions":[],"socialPosts":{"email":[],"linkedin":[],"twitter":[],"facebook":[],"instagram":[]}},"created":"2026-06-20 21:44:57","updated":"2026-07-02 23:04:11","seo_analyzer_scan_date":null},"_links":{"self":[{"href":"https:\/\/kosokoking.com\/index.php\/wp-json\/wp\/v2\/posts\/530","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kosokoking.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kosokoking.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kosokoking.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kosokoking.com\/index.php\/wp-json\/wp\/v2\/comments?post=530"}],"version-history":[{"count":1,"href":"https:\/\/kosokoking.com\/index.php\/wp-json\/wp\/v2\/posts\/530\/revisions"}],"predecessor-version":[{"id":531,"href":"https:\/\/kosokoking.com\/index.php\/wp-json\/wp\/v2\/posts\/530\/revisions\/531"}],"wp:attachment":[{"href":"https:\/\/kosokoking.com\/index.php\/wp-json\/wp\/v2\/media?parent=530"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kosokoking.com\/index.php\/wp-json\/wp\/v2\/categories?post=530"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kosokoking.com\/index.php\/wp-json\/wp\/v2\/tags?post=530"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}