Anthropic has developed a new security system for its language model Claude, aimed at making so-called jailbreaks more difficult. With Constitutional Classifiers, the system filters problematic requests to prevent Claude from generating unwanted content. In 95% of the tested cases, the system proved successful—but it also presents disadvantages during implementation.
With the increasing prevalence of generative AI, AI jailbreaks pose a significant threat, as they can bypass the security and ethical guidelines of an AI model. Anthropic, the provider of Claude LLMs, claims to have found a protective mechanism that prevents such jailbreaks in 95% of all test cases.
(Image: DALL-E / AI-generated)
Anthropic is considered one of the leading providers of advanced, proprietary AI models in the USA, alongside ChatGPT developer OpenAI. The company's series of large language models, named Claude, is designed to be safe, accurate, and reliable, capable of performing a variety of tasks, including text creation, image analysis, and code debugging. Like all major AI models on the market, Anthropic faces a significant challenge: preventing users from circumventing the protection mechanisms in a trained AI model through clever inquiries and using it to disclose sensitive information or for undesirable purposes.
What is an AI jailbreak and why is it a problem?
A jailbreak in the context of AI models describes a technique that allows bypassing the security and ethical guidelines of a model. This can cause language models to generate content they would normally refuse—such as instructions for making dangerous substances, assistance with cyberattacks, or other prohibited information.
Such attacks employ various methods: Some jailbreaks use targeted prompt manipulations by deceiving the model through indirect phrasing or role-playing. Others use obfuscated inputs, such as altered spellings or symbolic representations, to outsmart the system. In some cases, multiple such techniques can be combined to bypass existing security filters.
The problem is that no protective measure is absolutely secure. Security researchers continually discover new ways to outsmart AI models. In security-critical areas—such as biotechnology or cybersecurity—this can have serious consequences if dangerous knowledge falls into the wrong hands.
OpenAI and Anthropic are therefore constantly refining their offered models to prevent the threat of such jailbreaks. Whenever a prompt injection becomes known, the providers try to quickly block it again through algorithm updates. Ironically, the DeepSeek models DeepSeek-R1 and DeepSeek-V3, which recently gained attention for their impressive performance, are reported to perform particularly poorly at preventing jailbreak requests—making them likely unsuitable for applications where security is of utmost importance.
An AI filter with strengths and weaknesses
Anthropic's protection system is based on the Constitutional AI approach, where a predefined list of principles dictates what content is allowed. Using synthetic data, 10,000 jailbreaking prompts were created to test the system against known attack patterns. An initial internal test already proved to be thoroughly positive: while an unprotected version of Claude 3.5 Sonnet could only block 14 percent of the conceived attacks, the protected variant achieved a success rate of 95 percent.
However, some disadvantages also became apparent. Although the filter is effective, its use also led to an increase in false-positive blockings. Approximately 1.5 percent of legitimate requests were wrongly rejected—a value that has increased by 0.38 percent compared to the unprotected version. However, this might be considered a negligible factor given the increased security.
However, another disadvantage of the protective mechanism is the increased computational effort. According to Anthropic, the required computing power increases by almost 24 percent. The larger and more complex the model to be protected is, the greater the associated computational effort becomes, making the use of the system in productive environments more expensive.
Jailbreaks remain a challenge
Despite the high blocking rate, the system is not infallible. Experts emphasize that new jailbreaking techniques could continue to exploit vulnerabilities. Security researchers suggest combining various protection mechanisms to ensure an even more robust defense. Anthropic even announced a bug bounty program among users of the Claude LLMs: Until February 10, Claude users could sign up for a test, with up to 15,000 US dollars offered to anyone who manages to find a general approach to bypassing the developed jailbreak protection algorithm.
Anthropic emphasizes that the filters used can be flexibly adjusted to respond to new threats. However, the further development of such protective mechanisms remains a challenge in the race between attackers and developers—and shows that absolute security does not exist even in AI development. (sg)
Date: 08.12.2025
Naturally, we always handle your personal data responsibly. Any personal data we receive from you is processed in accordance with applicable data protection legislation. For detailed information please see our privacy policy.
Consent to the use of data for promotional purposes
I hereby consent to Vogel Communications Group GmbH & Co. KG, Max-Planck-Str. 7-9, 97082 Würzburg including any affiliated companies according to §§ 15 et seq. AktG (hereafter: Vogel Communications Group) using my e-mail address to send editorial newsletters. A list of all affiliated companies can be found here
Newsletter content may include all products and services of any companies mentioned above, including for example specialist journals and books, events and fairs as well as event-related products and services, print and digital media offers and services such as additional (editorial) newsletters, raffles, lead campaigns, market research both online and offline, specialist webportals and e-learning offers. In case my personal telephone number has also been collected, it may be used for offers of aforementioned products, for services of the companies mentioned above, and market research purposes.
Additionally, my consent also includes the processing of my email address and telephone number for data matching for marketing purposes with select advertising partners such as LinkedIn, Google, and Meta. For this, Vogel Communications Group may transmit said data in hashed form to the advertising partners who then use said data to determine whether I am also a member of the mentioned advertising partner portals. Vogel Communications Group uses this feature for the purposes of re-targeting (up-selling, cross-selling, and customer loyalty), generating so-called look-alike audiences for acquisition of new customers, and as basis for exclusion for on-going advertising campaigns. Further information can be found in section “data matching for marketing purposes”.
In case I access protected data on Internet portals of Vogel Communications Group including any affiliated companies according to §§ 15 et seq. AktG, I need to provide further data in order to register for the access to such content. In return for this free access to editorial content, my data may be used in accordance with this consent for the purposes stated here. This does not apply to data matching for marketing purposes.
Right of revocation
I understand that I can revoke my consent at will. My revocation does not change the lawfulness of data processing that was conducted based on my consent leading up to my revocation. One option to declare my revocation is to use the contact form found at https://contact.vogel.de. In case I no longer wish to receive certain newsletters, I have subscribed to, I can also click on the unsubscribe link included at the end of a newsletter. Further information regarding my right of revocation and the implementation of it as well as the consequences of my revocation can be found in the data protection declaration, section editorial newsletter.
:quality(80)/p7i.vogel.de/wcms/af/1e/af1ec4fca4636f521f780ba0ae009c8e/bild3-werkst-c3-bcck-20und-20werkzeug-5204x2928v1v1.jpeg "The main area of application for the new axial gear cutting machine is the production of rotor shafts for electric vehicles. (Image:Profiroll Technologies)")
:quality(80)/p7i.vogel.de/wcms/d1/ab/d1ab452217529e5c29a81add9aca7c22/0128871322v1.jpeg "Only one year to go: the new EU Machinery Regulation makes cybersecurity mandatory. Companies should act now. (Picture: ©Pisit - stock.adobe.com)")
:quality(80)/p7i.vogel.de/wcms/88/53/8853f7df2fe47a3d2c6f1879f6ac38e6/newsimage417073-1500x843v1v1.jpeg "Measuring setup for friction stir welding: Modular acoustic measuring system with flexibly positioned microphones for recording tool wear and process deviations in real time. (Image:Fraunhofer IDMT)")
:quality(80)/p7i.vogel.de/wcms/28/75/28751a17e2bcca46e53a1e7b8a84c433/schmersal-tiepner-029-6749x3796v1v1.jpeg "Tiepner's compact system produces ID cards made of laminated plastic, which are used as customer cards, ID cards or cheque cards, among other things. Left in the picture: Christian Höltge, Managing Director of Tiepner GmbH. (Image:Tiepner GmbH)")
:quality(80)/p7i.vogel.de/wcms/cd/fe/cdfe212a3b3206e2ff09dcdf71c11240/0129219561v1.jpeg "Extended S-series: The new Cobot models from Omron lift up to 30 kilograms and are now also protected against dust and water thanks to protection class IP65. (Image:Omron)")
:quality(80)/p7i.vogel.de/wcms/c3/6d/c36d161e7709095fd1de4cb9de27d927/0129133682v1.jpeg "Nanjing is Siemens' largest research and production center for CNC systems, drives and electric motors outside Germany. (Image:Siemens)")
:quality(80)/p7i.vogel.de/wcms/70/dc/70dc2fbc09e6958a72c63bd15e986e14/0129206156v1.jpeg "The global shoe machine manufacturer Desma relies on automation and has been revolutionizing shoe production—together with ABB Robotics for over 40 years. (Image:ABB Robotics)")
:quality(80)/p7i.vogel.de/wcms/60/fd/60fd12ddfe1fb623568736f27d1cfe61/0128606899v1.jpeg "The future of supply chains: AI and dashboards to ensure optimal OTIF values (Picture: ©immimagery - stock.adobe.com)")
:quality(80)/p7i.vogel.de/wcms/39/38/393873c2ed943bb715a6419d94049b63/geralt-entrepreneur-1340649-1280-1280x720v1v1.jpeg "Visual Components presents its forecast for production simulation in 2026. (Image:Pixabay)")
:quality(80)/p7i.vogel.de/wcms/60/4e/604e2a1ce26f177c5f28c2bff94c2f7d/der-20rotor-20mit-20aktiv-20verwindbaren-20rotorbl-c3-a4ttern-20im-20windkanal-1920x1079v1v1.jpeg "The rotor with actively twistable rotor blades in the wind tunnel: The open measuring section and sound-absorbing wall and model fuselage cladding enable high-quality acoustic measurements. (Image:DLR)")
:quality(80)/p7i.vogel.de/wcms/a8/9a/a89aef1cba3843fa06a1ec1f07cf659b/adobestock-95634179--c2-a9-20crazyforanimeart-20-e2-80-93-20stock-adobe-com-4762x2678v1v1.jpeg "Copied from the octopus: Researchers have developed a film-like thin-film platform that can dynamically change not only its color but also its surface structure. (Image:AdobeStock_95634179_ CrazyForAnimeArt)")
:quality(80)/p7i.vogel.de/wcms/2b/fb/2bfbb9fa26274cb8f6e8979c24a3d08e/0129243542v1.jpeg "In some cases, the new additively manufactured lightweight bearings only reach
11 percent of the weight of comparable steel bearings. (Image:Rosswag Engineering)")
:quality(80)/p7i.vogel.de/wcms/25/11/25111828d56b46dc0dc3b717ac2dfcfa/0129276081v1.jpeg "According to media reports, Ford is negotiating with Geely about cooperation in production and technology. (Image:Ford)")
:quality(80)/p7i.vogel.de/wcms/b7/2d/b72dfd1458e86652491018914478cb00/0129259253v1.jpeg "The green belt of VW Palmela - including two geothermal fields and a new paint shop. (Image:VW Group)")
:quality(80)/p7i.vogel.de/wcms/cb/76/cb76d0c686e8dbc8b0e0b6961e3849c7/0129249515v1.jpeg "The Chinese Ministry of Industry and Information Technology has developed binding standards for retractable vehicle door handles. (Image:BYD)")
:quality(80)/p7i.vogel.de/wcms/42/0a/420a796e6b9d9e3bf27d89d4fe425d84/0129264331v1.jpeg "Polestar presented the new Model 5 live. (Image:Polestar)")
:quality(80)/p7i.vogel.de/wcms/6f/8f/6f8ff5bf9b81829ef22736bc790cecca/0129224894v1.jpeg "View of the quantum optics laboratory at the University of Stuttgart: here, researchers are experimenting with new photon sources for quantum computing and quantum networks. (Image:Barz Group, University of Stuttgart)")
:quality(80)/p7i.vogel.de/wcms/52/3a/523ac3157ae4b4f596c7241c89127061/0129260553v1.jpeg "This artistic illustration shows a thermal analog calculator that performs calculations using excess heat and is embedded in a microelectronic system. (Image:Jose-Luis Olivares, MIT)")
:quality(80)/p7i.vogel.de/wcms/d1/f4/d1f4508c6b79ec2f0432b34a6fa33a98/0114966184v1.jpeg "The Infineon headquarters Campeon in Neubiberg, Munich. (Image:Infineon)")
:quality(80)/p7i.vogel.de/wcms/fa/d3/fad3872cf3f110f43411f2dce9e8f23a/0129265762v1.jpeg "Siemens Energy has discovered the USA as a prosperous growth market for network technology and gas turbines! In order to be able to meet demand at some point, the company is already digging deeper into its pockets ... (Image:Siemens Energy)")
:fill(fff,0)/images.vogel.de/vogelonline/companyimg/76800/76895/65.jpg "FAULHABER_120mm.jpg ()")
:fill(fff,0)/p7i.vogel.de/companies/67/eb/67eba621ef6ea/logo2.png "logo2 (Wuxi InfiMotion)"){kind=logo}
:quality(80)/p7i.vogel.de/wcms/02/ec/02ecd0d6393d4fb870ff597853b313b5/0125488525v1.jpeg "AI for everyday use is very curious, but some LLMs snoop more than others. (Image:Dall-E / AI-generated)")
:quality(80)/p7i.vogel.de/wcms/4c/e3/4ce32c632529ce40f7d75908e1348cde/0122778321v1.jpeg "Venturing into the unknown: With its open-source availability and purportedly significantly lower operating costs, DeepSeek's Reasoning-LLM R1 openly challenges established AI model providers, most notably ChatGPT operator OpenAI. (Image:Screenshot / DeepSeek)")