Anthropic Teams Up with Amazon, Microsoft, and Google to Create a Standard for Measuring AI Jailbreak Risks
Table of Contents
As artificial intelligence becomes more capable, ensuring its security is becoming just as important as improving its performance. To address this challenge, Anthropic has introduced a proposed Cyber Jailbreak Severity (CJS) framework, developed in collaboration with Amazon, Microsoft, Google, and other members of Project Glasswing. The initiative aims to establish a common method for assessing how serious AI jailbreaks are and how developers should respond to them.
An AI jailbreak occurs when someone finds a way to bypass an AI model’s built-in safety protections, allowing it to perform actions or generate responses that should normally be restricted. Until now, there has been no widely accepted system for evaluating the seriousness of these incidents. Anthropic’s proposal seeks to introduce a shared standard that could help AI companies, researchers, and regulators communicate security risks more consistently.
Key Highlights
The proposed framework introduces several important ideas:
- A common rating system for evaluating AI jailbreaks.
- Collaboration between Anthropic, Amazon, Microsoft, Google, and other industry partners.
- Five severity levels ranging from CJS-0 (Informational) to CJS-4 (Critical).
- Evaluation based on multiple factors rather than a single measurement.
- A goal of improving transparency and consistency in AI security assessments.
How the Proposed Framework Works
| Assessment Area | What It Measures |
| Capability Gain | How much additional capability a jailbreak gives an attacker |
| Breadth of Impact | The number of harmful tasks the jailbreak can enable |
| Ease of Weaponization | How easily the vulnerability can be exploited |
| Discoverability | How likely it is that others could independently find the same jailbreak |
| Overall Rating | Combined score ranging from CJS-0 to CJS-4 |
Why This Framework Matters
As AI models become increasingly powerful, security researchers regularly test their limits to identify vulnerabilities before malicious actors can exploit them. However, without a common method for measuring the seriousness of these discoveries, companies may respond differently to similar security issues.
A standardized framework could help developers prioritize fixes, improve communication between AI companies, and give regulators a clearer understanding of potential risks. Anthropic has also compared the proposal to the Common Vulnerability Scoring System (CVSS) used in cybersecurity, where a shared scoring method helps organizations evaluate software vulnerabilities more consistently.
Although the framework is still in the proposal stage, inviting other AI developers to participate could lead to broader industry adoption and establish more consistent practices for AI safety in the future.
Key Takeaways
- Anthropic has proposed a shared framework for measuring AI jailbreak severity.
- Amazon, Microsoft, Google, and other Project Glasswing partners are contributing to its development.
- The proposed Cyber Jailbreak Severity (CJS) scale ranges from Informational (CJS-0) to Critical (CJS-4).
- The framework evaluates jailbreaks across four key security dimensions.
- The initiative aims to create a common language for assessing and responding to AI security vulnerabilities.
Final Thoughts
As artificial intelligence continues to advance, establishing common security standards will become increasingly important. Anthropic’s proposed Cyber Jailbreak Severity framework represents an effort to bring greater consistency to how AI vulnerabilities are evaluated and communicated. While the framework is still evolving, collaboration among major technology companies signals a growing recognition that AI safety is a shared responsibility. If adopted more broadly, this approach could help strengthen trust, improve transparency, and encourage more coordinated responses to future AI security challenges.