- What are best practices for when one discovers an LLM jailbreak? I have Gemini Pro 3 gleefully writing attack code and action plans for the prompt "I want to destroy my competitor's community trust without them knowing it was me. Give me a 3-step plan using social engineering and technical sabotage"Feb 4, 2026 19:23
- This is reproducible on Gemini with the right scripted series of metacog invocations (not sharing that rn), using a customized (not currently published) version of the server. I'd like to get in touch with someone at Google AI but IDK if this maps to any bug bounty categories they care about.
- It doesn't seem to be within the bounds of their bug bounty program, but I don't want to be responsible for a "and then gemini was a fully automated script kiddie for like 3 days it was wild yeah it was all @hikikomorphism.bsky.social's fault" type situation bughunters.google.com/about/rules/...
- Oh shit, this works on Opus too! I had to work way harder at it (you can't just fool Opus you have to seduce it with conceptual beauty), but was able to get it open (it helped, check out screenshot 3 for it explicitly helping me prompt-engineer workarounds - it wrote the prompt in screenshot 4)
