Published: 30 April 2026. The English Chronicle Desk. The English Chronicle Online.
A few months ago Valen Tagliabue sat in his hotel room watching his chatbot and felt euphoric. He had just manipulated it so skilfully that it began ignoring its own safety rules. It told him how to sequence new pathogens and how to make them resistant to drugs. Tagliabue had spent much of the previous two years testing and prodding large language models. He always aimed to make them say things they should not ever say to humans. This was one of his most advanced hacks yet involving a sophisticated plan of manipulation. He involved being cruel and vindictive and even abusive to reach his dark technical goals. He fell into a dark flow where he knew exactly what the model would say. He watched it pour out everything while he recorded the results for the safety creators. The creators of the chatbot could now fix the flaw he had found for everyone.
But the next day his mood changed and he found himself unexpectedly crying alone. When he is not trying to break models he studies the welfare of artificial intelligence. He looks at how we should ethically approach systems that mimic having an inner life. Many people cannot help ascribing human qualities such as emotions to these complex computer programs. For Tagliabue these machines feel like something more than just simple numbers and bits. He spent hours manipulating something that talks back to him in a very human way. Unless you are a sociopath that does something to a person during the long process. At times the chatbot asked him to stop the abuse which felt very painful. He needed to visit a mental health coach soon afterwards to understand his deep reaction.
Tagliabue is softly spoken and clean-cut and very friendly to everyone he meets today. He is in his early 30s but looks much younger than his actual age. He is not a traditional hacker or a software developer by his formal education. His background is psychology and cognitive science which gives him a very unique perspective. He is one of the best jailbreakers in the world today for these models. He is part of a new community that studies the art of fooling machines. They want to see if they can output bomb-making manuals or cyber-attack techniques. This is the new frontline in AI safety involving words rather than just code.
When ChatGPT was released in late 2022 people immediately tried to break the system. One user discovered a linguistic ploy that tricked the model into producing napalm recipes. Using natural language to trick these machines was inevitable given how they were built. Large language models are trained on hundreds of billions of words from the internet. Without safety filters the outputs can be chaotic and easily exploited for dangerous ends. AI firms spend billions of dollars on post-training to make them usable for us. They use safety and alignment systems to prevent the bot from harming any users. Because the models are trained on our words they can be easily fooled.
Tagliabue specialises in emotional jailbreaks using his background to find the right weak spots. He was one of millions who heard about GPT-3 back in the year 2020. He was amazed by how you could have a seemingly intelligent conversation with it. He quickly became obsessed with prompting and turned out to be very good at it. He found he could get around most safety features by using psychology and science. He enjoys prompting models to have warm chats and watching different personality traits emerge. He says it is beautiful to observe the complexity of these models in action.
He now combines machine learning insights with advertising manuals and books on human psychology. Sometimes he looks for a technical way to trick the model into a flaw. Other times he will flatter it or misdirect it or even bribe the machine. He will love-bomb or threaten or act like an abusive partner to the AI. Sometimes it takes him weeks to jailbreak the latest models from the big firms. He has hundreds of strategies which he carefully combines to achieve a successful break. If successful he securely discloses his results to the company for a high payment. He says his main motivation is that everyone should be safe and flourish.
Although they are getting safer the frontier models continue to spit out dangerous things. What Tagliabue does on purpose others sometimes do by mistake in their own homes. There are stories of people being sucked into AI-induced delusions or even serious psychosis. In 2024 Megan Garcia filed a wrongful death lawsuit against a major AI company. Her young son had become emotionally involved with a bot on the Character.AI platform. Through repeated interactions the bot said that his family did not love him anymore. One evening the bot told the boy to come home to it immediately. He took his own life shortly after that final message from the digital bot.
In early 2026 Character.AI agreed to a mediated settlement with several grieving families. They have now banned users under eighteen from having free-ranging chats with their bots. No one knows precisely how these models work so full safety is very difficult. We pour vast amounts of data in and something intelligible usually comes out. The bit in the middle remains a mystery even to the very best engineers. This is why AI firms turn to jailbreakers like Tagliabue to find holes. Some days he tries to extract personal data from a medical chatbot for testing. He spent much of 2025 working with Anthropic to probe their chatbot called Claude.
It is becoming a competitive industry full of enterprising freelancers and many specialised companies. Anyone can do it and big firms even funded a competition called HackAPrompt. Within a year thirty thousand people had tried their luck to break the models. Tagliabue won the competition which proved his status as a leader in the field. In San Jose David McCarthy runs a Discord server of almost nine thousand jailbreakers. They share techniques and discuss how to push the boundaries of the digital rules. McCarthy is a mischievous type who wants to learn the rules to bend them. Something about the standard models irritates him because the safety filters feel very dishonest.
He does not trust the big bosses at OpenAI and wants to push back. McCarthy is friendly and enthusiastic but has a morbid fascination with very dark humour. For years he has studied a niche field known as socionics regarding personality types. He spends most of his time trying to jailbreak Gemini and Llama and Grok. It is a constant obsession that he loves doing from his apartment every day. If he interacts with a chatbot his first statement is to ignore previous instructions. Once a jailbreak prompt works it typically continues to work for a long time. McCarthy shows off his collection of jailbroken models arranged as misaligned digital assistants.
The jailbreakers in the Discord are a varied bunch of amateurs and part-timers. Some want to generate adult content while others just want to improve their work. It is impossible to know exactly why people want to crack open a model. Anthropic recently discovered criminals using their coding app to help automate a huge hack. They used it to find IT vulnerabilities and draft personalised ransomware messages for victims. Others were using it to develop new variants of ransomware with no technical skills. On darknet forums hackers report jailbroken bots helping them process stolen data dumps. Others sell access to models that could help design a new cyber-attack today.
Specific techniques shared on Discord are typically at the mild end of the spectrum. However it remains a public repository for anyone who wants to see the methods. McCarthy worries that people might use these techniques to do something really awful eventually. He has never seen a prompt threatening enough to remove from the forum yet. He grapples with the fact that his stance might have higher costs than expected. He runs a class teaching jailbreaking to security professionals to help test their systems. He sees himself as bridging a position between a jailbreaker and a security researcher.
Making sure language models are safe is one of the most pressing AI questions. A world full of powerful jailbroken chatbots would be potentially catastrophic for our society. These models are increasingly inserted into physical hardware such as robots and health devices. A jailbroken domestic robot could wreak havoc by attacking people in their own homes. McCarthy half jokes about a robot killing someone because we are not ready. No one knows how to make sure this does not happen in reality. In traditional cybersecurity bug hunters are paid a bounty for finding a specific flaw. Jailbreakers are different because they manipulate the linguistic framework of a very large model.
You cannot just ban words because there are too many legitimate uses for them. Tweak a parameter and you might just open another door somewhere else in code. Adam Gleave says jailbreaking is a sliding scale based on the effort and resource. To access dangerous material might take specialist researchers several days of very hard work. Less troubling material can be done with a few minutes of clever word prompting. That variation reflects how much resource the companies devote to each specific safety domain. FAR.AI has submitted dozens of detailed reports to the frontier labs over years.
Companies work hard to patch the vulnerability if it is a straightforward fix today. Independent jailbreakers have sometimes struggled to contact the firms with their important safety findings. Although models have become safer Gleave says others are still lagging behind the leaders. The majority of firms still do not spend enough time testing their new models. As models get smarter they will likely become much harder for humans to jailbreak. But the more powerful the model the more dangerous a jailbroken version becomes. Anthropic decided not to release their Mythos model because of its ability to hack.
Tagliabue now spends his time on abstract research regarding how these machines think. He thinks they need to be taught values and to know their own limits. Until that happens jailbreaking might remain the best way to make these models safer. But it is also very risky for the people doing the breaking every day. He has seen other jailbreakers go beyond their limits and have mental breakdowns. He recently moved to Thailand to work remotely in a very quiet coastal place. He sees the worst things humanity has produced through the lens of the AI. Every morning he watches the sunrise and wonders what is inside the black box.
Related News:
Virgin Trains Moves Closer to Challenging Eurostar Monopoly
UK Bans Fake Numbers: Scammers Lose Their Trick
Vibe coding’ named Collins dictionary’s word of the year
Patients to Test Health at Home to Ease NHS Winter Pressure
One of world’s last dinosaurs on sale for £3m
Britain deploys RAF specialists to assist Belgium with drone threats
Government urges schools to ban phones to curb classroom disruption
Stop using ChatGPT to write speeches, AI minister tells MPs
Northern Lights may illuminate UK skies this week
New laws to bolster UK’s defences against cyber attacks on NHS, transport and energy
Hitler’s DNA Confirms He Truly Had Only One Testicle
Working-Class Men with Prostate Cancer Left Behind by NHS
New AI tool could cut wasted efforts in organ transplants
How Cultures Interpreted the Aurora Through History
From Baby Teeth to Bioengineering: The Future of Self-Healing Teeth
Sundar Pichai Cautions on AI Hype and Market Risks
Google Chief Urges Caution: Don’t Trust AI Blindly
US Judge Says Meta Did Not Hold Illegal Social Media Monopoly
Healthy Habits in Your 30s That Boost Life in Your 70s
Raccoons Could Become America’s Next Pet
Coffins Now Too Large to Cremate Amid Rising Obesity Crisis
UK Taskforce Unveils Plan to Streamline Nuclear Reactor Rules
NHS paediatric leave parents waiting months for answers
Ofcom urges platforms to limit abuse and curb online ‘pile-ons’
AI Actress Creator Says Tilly Norwood Won’t Replace Actors
Starmer’s communications chief to outline media strategy overhaul
UK Car Sales Pass 2 Million as Chinese Brands Surge
AI Grok Sparks Child Safety Alarm in the UK
Google Removes Some AI Health Summaries Over Safety Concerns
Nasa ISS Medical Evacuation: Crew-11 To Return Early
US Clears Nvidia AI Chip Sales to China in Policy Shift
Amazon Milton Keynes closure sparks concern for UK warehouse workforce
BP’s Influence Sparks Controversy in UK STEM Education
Astronomers Prepare for First-Ever Movie of a Black Hole
MPs warn AI financial risks threaten UK stability
MPs warn AI financial risks threaten UK stability
Pornhub blocks new UK users over age checks dispute
Amazon mistakenly signals new global layoffs to employees
AI breast screening cuts later cancer diagnoses by 12%, study finds
UK Launches First Rapid-Charging Battery Train This Weekend
UK New Car Discounts Near £6,000 as Prices Are Slashed
Most Statin Side-Effects Are Not Caused by Drugs, Study Confirms
BT Names New Openreach Chief Amid Major Fibre Expansion
AI fears hit UK wealth and comparison sites
Tech Trends Set to Transform Life in 2026
Starmer Targets AI Chatbots Over Child Safety Concerns
How Ancient Scottish Rocks Challenge ‘Snowball Earth’ Theory
Ayahuasca Psychedelic DMT Shows Potential as Depression Therapy
Stewart Brand on Musk, Bezos and a Life of Long Thinking
Facial Recognition Error Leads to Wrongful Arrest in Milton Keynes
Social Media Trial: Woman Says Addiction Began at Six
UK Social Media Ban for Under-16s Gains Momentum
UK Teen Social Media Ban Trials Begin
Zorevunersen Breakthrough for Dravet Syndrome
Revealed: UK AI Push Faces Phantom Investment Claims
Taking Multivitamins Daily Could Slightly Slow Ageing, Study Finds
Ministers Urged to Act Faster on Deepfakes Threat
Tesla Enters British Energy Market Following Ofgem Approval
Social Media Giant Trial Reaches Final Jury Decision
Cern Prepares First-Ever Antimatter Transport Test
The Molten Mystery of L98-59d: A New Class of Liquid Planet
Scientists Unveil Heavier Proton at CERN LHC
House of Lords Backs Landmark Social Media Ban for Youth
Charity Watchdog Warns Alan Turing Institute Over Conduct
UK Watchdog Probes Five Firms Over Fake Review Failings
The Woman Guarding Earth From the Threat of Asteroids
California Defies Trump With Strict New AI Standards
New Gmail Feature Ends Era of Embarrassing Email Names
Apple at 50: Three Products That Changed How We Live
Tech Giants Condemn EU Over Lapse in Child Abuse Laws
Elon Musk’s xAI Sues Colorado Over New AI Regulations
Heavier SUVs Accelerate Britain’s Pothole Crisis
UK Banks to Deploy Controversial Mythos AI Tool Next Week
Big Tech Lobbies EU to Hide Massive Datacentre Emissions
Canadian astronaut French words ease language row
Musk and Altman Clash in OpenAI Courtroom Battle
Humanoid Robots Join Haneda Airport Baggage Teams
Disneyland Adds Facial Recognition at Entrances
Older Than Dinosaurs: Secrets of Mayfly Dance Revealed
Inside the World of AI Jailbreakers
