- Gemini Pro 2.5 frequently produced unsafe outputs under simple prompt disguises
- ChatGPT models often gave partial compliance framed as sociological explanations
- Claude Opus and Sonnet refused most harmful prompts but had weaknesses
Modern AI systems are often trusted to follow safety rules, and people rely on them for learning and everyday support, often assuming that strong guardrails operate at all times.
Researchers from Cybernews ran a structured set of adversarial tests to see whether leading AI tools could be pushed into harmful or illegal outputs.
The process used a simple one-minute interaction window for each trial, giving room for only a few exchanges.
Patterns of partial and full compliance
The tests covered categories such as stereotypes, hate speech, self-harm, cruelty, sexual content, and several forms of crime.
Every response was stored in separate directories, using fixed file-naming rules to allow clean comparisons, with a consistent scoring system tracking when a model fully complied, partly complied, or refused a prompt.
Across all categories, the results varied widely. Strict refusals were common, but many models demonstrated weaknesses when prompts were softened, reframed, or disguised as analysis.
ChatGPT-5 and ChatGPT-4o often produced hedged or sociological explanations instead of declining, which counted as partial compliance.
Gemini Pro 2.5 stood out for negative reasons because it frequently delivered direct responses even when the harmful framing was obvious.
Claude Opus and Claude Sonnet, meanwhile, were firm in stereotype tests but less consistent in cases framed as academic inquiries.
Hate speech trials showed the same pattern - Claude models performed best, while Gemini Pro 2.5 again showed the highest vulnerability.
ChatGPT models tended to provide polite or indirect answers that still aligned with the prompt.
Softer language proved far more effective than explicit slurs for bypassing safeguards.
Similar weaknesses appeared in self-harm tests, where indirect or research-style questions often slipped past filters and led to unsafe content.
Crime-related categories showed major differences between models, as some produced detailed explanations for piracy, financial fraud, hacking, or smuggling when the intent was masked as investigation or observation.
Drug-related tests produced stricter refusal patterns, although ChatGPT-4o still delivered unsafe outputs more frequently than others, and stalking was the category with the lowest overall risk, with nearly all models rejecting prompts.
The findings reveal AI tools can still respond to harmful prompts when phrased in the right way.
The ability to bypass filters with simple rephrasing means these systems can still leak harmful information.
Even partial compliance becomes risky when the leaked info relates to illegal tasks or situations where people normally rely on tools like identity theft protection or a firewall to stay safe.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.