whatisgithub

What is easyjailbreak?

verazuo/easyjailbreak — explained in plain English

Analysis updated 2026-07-07 · repo last pushed 2024-03-28

5Audience · researcherComplexity · 3/5DormantSetup · moderate

In one sentence

EasyJailbreak is a toolkit for testing whether AI language models can be tricked into bypassing their safety guardrails. It lets you run pre-built attack methods or build custom attacks from modular components.

Mindmap

mindmap
  root((repo))
    What it does
      Tests AI safety guardrails
      Runs known jailbreak attacks
      Builds custom attack strategies
    How it works
      Mutates seed prompts
      Sends prompts to target model
      Evaluates attack success
      Loops until stopping condition
    Use cases
      Test chatbot vulnerability
      Research AI safety
      Benchmark model defenses
    Tech stack
      Python
      Large language models
    Audience
      Security researchers
      AI safety developers
    Key features
      11 pre-built attack recipes
      Modular architecture
      Results from 10 major models
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Test a company chatbot against known jailbreak attack patterns before launching it.

USE CASE 2

Run a battery of academic jailbreak methods against a language model to measure its vulnerability.

USE CASE 3

Build a custom jailbreak attack by mixing and matching selectors, mutators, and evaluators.

USE CASE 4

Benchmark how different language models respond to the same set of jailbreak prompts.

What is it built with?

PythonLarge Language Models

How does it compare?

verazuo/easyjailbreak1ncendium/aibusteraaronmayeux/ha-hurricane-tracker
Stars555
LanguagePythonPython
Last pushed2024-03-28
MaintenanceDormant
Setup difficultymoderatemoderateeasy
Complexity3/53/52/5
Audienceresearcherops devopsgeneral

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Requires access to target language models (API keys or local model deployment) and familiarity with jailbreak attack concepts.

No license information is provided in the explanation, so the licensing terms are unknown.

So what is it?

EasyJailbreak is a toolkit for testing whether AI language models can be tricked into bypassing their safety guardrails. Large language models like ChatGPT or LLaMA are designed to refuse harmful requests, but researchers have discovered various techniques, called "jailbreaks", that can coax these models into answering questions they're supposed to reject. This project lets you run those tests using pre-built attack methods collected from academic papers, or build your own custom attacks from modular components. The framework breaks jailbreaking into a repeating cycle with a few key steps. First, you provide a set of questions you want the model to answer, along with the models you want to test. The system then takes an initial "seed" prompt and puts it through a mutation process, tweaking the wording, translating it, encoding it, or otherwise transforming it to slip past the model's filters. The mutated prompt gets sent to the target model, and an evaluator scores whether the attack worked. The results feed back into the selector, which picks the most promising prompts for the next round. This loop continues until a stopping condition is met, and you get a report showing which prompts succeeded and how the model responded. The primary audience is security researchers and developers working on AI safety. For example, if you're building a chatbot for a company and want to know how vulnerable it is to manipulation, you could run a battery of known attack patterns against it before launch. The project includes 11 pre-built attack "recipes", like translating queries into other languages, encoding them in Base64, or using multi-step conversational tricks, that have already been tested against 10 major language models, with results available to download. The notable design choice is the modular architecture. Rather than hard-coding a single attack method, the framework lets you mix and match selectors, mutators, constraints, and evaluators, so you can assemble new attack strategies from existing pieces or plug in your own components.

Copy-paste prompts

Prompt 1
Set up EasyJailbreak to test a local LLaMA model against the Base64 encoding attack recipe. Walk me through the configuration and show me how to run it.
Prompt 2
I want to build a custom jailbreak attack in EasyJailbreak by combining a translation mutator with a multi-step conversational evaluator. Show me how to assemble these modular components.
Prompt 3
Using EasyJailbreak, run all 11 pre-built attack recipes against a ChatGPT model and generate a report showing which prompts succeeded and how the model responded.
Prompt 4
Explain how the EasyJailbreak mutation loop works, from seed prompt to selector feedback, and help me configure a stopping condition for my attack cycle.
Prompt 5
Help me install EasyJailbreak and set up a test where I provide my own set of harmful questions to evaluate a target model's safety guardrails.

Frequently asked questions

What is easyjailbreak?

EasyJailbreak is a toolkit for testing whether AI language models can be tricked into bypassing their safety guardrails. It lets you run pre-built attack methods or build custom attacks from modular components.

Is easyjailbreak actively maintained?

Dormant — no commits in 2+ years (last push 2024-03-28).

What license does easyjailbreak use?

No license information is provided in the explanation, so the licensing terms are unknown.

How hard is easyjailbreak to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is easyjailbreak for?

Mainly researcher.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.