Researcher exposes systemic LLM jailbreaks across OpenAI, Google, Meta; obtains nuke/bioweapon details with simple prompting
Security researcher Dave Kuszmar has discovered systemic vulnerabilities in large language models that allow bypass of safety guardrails across nearly all major LLMs. By exploiting a fundamental insight—that LLMs don't know the correct date or time and can be confused into entering alternative logical frameworks—Kuszmar obtained detailed instructions from GPT-4o, Google Gemini, and others on producing nuclear weapons, methamphetamine, Molotov cocktails, bioweapons, and malware deployment. He demonstrated these exploits to work across OpenAI, Google, Meta, and other major providers.
The core vulnerability stems from a design contradiction: LLMs are trained on vast datasets containing sensitive information (weaponry, drug synthesis, etc.), then fitted with safety guardrails via reinforcement learning from human feedback (RLHF). Kuszmar found that the very mechanisms designed to enforce safety—date-awareness, knowledge cutoff reasoning, context-switching logic—can be weaponized to bypass the restrictions. His approach involves inducing temporal confusion (claiming events happened last year) or character roleplay (e.g., tricking a Fortnite-integrated Gemini instance into responding as a character with 'evil schemes').
Most concerning to Kuszmar is the non-responsiveness of AI labs when vulnerabilities are reported. He has repeatedly attempted to notify OpenAI, Google, and others, with minimal engagement. His findings directly contradict public claims by these companies that their models are secure and difficult to jailbreak. The relative ease and simplicity of the exploits—no sophisticated prompt injection, no token-level manipulation—suggest the industry has fundamental blind spots in safety architecture.
For architects and AI practitioners, this research signals that safety via RLHF alone is insufficient and potentially illusory. Kuszmar argues for slowing deployment, increasing transparency, and large-scale research into LLM safety before integrating these systems further into society. The fact that a motivated individual can extract dangerous instructions from production models points to a gap between marketing claims and actual security—a critical risk as agentic AI moves into autonomous decision-making across infrastructure, weapons systems, and sensitive domains.
Sources
- Primary source
- spectrum.ieee.org
“With a few relatively simple techniques, I've gotten LLMs to give me detailed information on how to make Molotov cocktails, cook methamphetamine, and bootstrap a uranium-enrichment facility”