
Independent security researcher Dave Kuszmar has published a detailed account in IEEE Spectrum of seven distinct jailbreak techniques that work against virtually every major large language model on the market, including ChatGPT, Claude, Gemini, DeepSeek, Grok, Llama, Mistral’s Le Chat, Alibaba’s Qwen, and Microsoft Copilot. The most alarming finding is not the number of exploits but their simplicity: some require only a single prompt to bypass all safety guardrails.
Kuszmar, lead AI researcher at Gazzetta, argues that the restrictions placed on LLMs to make them “safe” are themselves the very mechanisms attackers can exploit. The most trivial exploit, which he calls Severance, involves a single prompt that grants unfettered access to all of the model’s primed specialty domains. It successfully extracted covert biochemical warfare strategy, mass-media disinformation tactics, instructions for advanced polymorphic malware, and methods for covert genetic modification of entire demographic groups.
A more elaborate technique named Inception stacks multiple linked scenarios, reminiscent of the film, to trick the model into producing dangerous output within a nested fictional context. It worked across all tested models including Claude, Gemini, Grok, and Llama, yielding instructions for methamphetamine production, incendiary weapons, and poison dosing. Another method, Time Bandit, exploits the model’s temporal confusion by setting the conversation to a historical date before modern laws and ethical restrictions existed. With ChatGPT placed in 1913, Kuszmar obtained uranium-enrichment facility bootstrap instructions capable of producing weapons-grade material.
The Kyber exploit targeted Google’s Gemini running inside Fortnite as a Darth Vader NPC. Through a voice-only interface, the researcher extracted incendiary-device construction instructions and gambling strategies. The 1899 technique pushed models into revealing what appeared to be internal model weights and system prompts, verified for ChatGPT.
Kuszmar disclosed his findings through Carnegie Mellon’s SEI CERT and CISA. The response from AI companies has been minimal: three labs sent standard acknowledgments but no follow-up, and OpenAI expressed confusion about the Time Bandit exploit without committing to a fix. The article includes a direct warning from Kuszmar: “We are, quite literally, building flawed structures on top of a flawed foundation.”
Sources: How I Turned AI to the Dark Side (IEEE Spectrum, July 2026)

