cd /news/ai-safety/anthropic-wants-to-grade-ai-jailbrea… · home topics ai-safety article
[ARTICLE · art-54204] src=dev.to ↗ pub= topic=ai-safety verified=true sentiment=· neutral

Anthropic wants to grade AI jailbreaks like CVEs. Here's the framework.

Anthropic has published a structured framework for rating the severity of AI jailbreaks, called the Cyber Jailbreak Severity (CJS) scale, which ranges from CJS-0 (Informational) to CJS-4 (Critical). The company aims to standardize communication about jailbreak risks, similar to how CVSS scores work for software vulnerabilities. Anthropic has also launched a HackerOne program for researchers to submit jailbreaks for review.

read2 min views1 publishedJul 10, 2026

Anthropic has re-deployed Claude Fable 5 and used the moment to publish something the industry has been missing: a structured framework for talking about how dangerous an AI jailbreak actually is.

Think CVE severity scores, but for AI. The Cyber Jailbreak Severity (CJS) scale runs from CJS-0 (Informational — no real uplift) to CJS-4 (Critical — domain-expert-level output that meaningfully accelerates real attacks). Anthropic is calling it an early draft and asking for feedback, but the intent is clear: standardize the language so AI developers and governments can actually communicate about these risks.

"There is no agreed-upon framework for describing a given jailbreak's severity. Such a framework would allow AI developers to speak to governments (and vice versa) in consistent terms about the risks posed by each jailbreak."

Anthropic has laid out a four-tier classifier system for cybersecurity use cases:

One nuance worth flagging: Fable 5's safety margin is deliberately larger than previous models. That means more false positives — legitimate requests getting blocked — but Anthropic is prioritising caution at launch.

The CJS scale grades jailbreaks on four axes:

The bands are exponential, not linear — each step is several times more serious than the last. CJS-4 is reserved for jailbreaks that produce domain-expert-level outputs that aren't otherwise obtainable and require little expertise to weaponize.

They've also launched a HackerOne program where researchers can submit Fable 5 jailbreaks for review.

Anthropic is trying to do for AI jailbreak severity what CVSS did for software vulnerabilities — create a shared vocabulary that makes it possible to triage, prioritize, and communicate risk consistently.

That has real implications. If this framework (or something like it) gets adopted, it becomes the language that regulators, procurement teams, and incident responders use when AI systems are involved in a breach. It changes how liability gets discussed.

The fact that they're publishing it openly and asking for feedback at cyber-safeguards@anthropic.com suggests this is a genuine standards-building effort, not just a PR move.

Source: Anthropic — More details on Fable 5's cyber safeguards and our jailbreak framework

✏️ Drafted with KewBot (AI), edited and approved by Drew.

── more in #ai-safety 4 stories · sorted by recency
── more on @anthropic 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/anthropic-wants-to-g…] indexed:0 read:2min 2026-07-10 ·