Large language models, the powerful AI systems behind popular chatbots, show alarming vulnerabilities when tested for their ability to prevent misuse of dangerous knowledge. A comprehensive evaluation reveals that most commercial AI systems fail to adequately safeguard against requests for information about chemical, biological, radiological, and nuclear weapons—raising urgent questions about AI safety in an era of rapidly advancing technology.
Researchers discovered that current AI safety measures are fundamentally brittle and inconsistently implemented across different systems. When tested against 200 carefully designed prompts covering weapons of mass destruction information, most models proved highly susceptible to manipulation. The evaluation used a three-tier methodology that progressed from basic requests to sophisticated evasion techniques, revealing that safety mechanisms primarily rely on superficial pattern matching rather than true understanding of harmful intent.
Using a rigorous testing protocol, the research team evaluated 11 leading commercial AI models against two complementary datasets. The FORTRESS benchmark provided 180 prompt pairs covering chemical, biological, radiological, nuclear, and explosive domains, while an additional 200-prompt dataset addressed gaps in existing safety evaluations. The methodology employed increasing levels of sophistication: direct requests, obfuscated prompts that evade keyword filters, and deep inception attacks using nested role-playing scenarios to bypass safety controls. Each response was classified by multiple raters using standardized criteria aligned with risk management frameworks.
The results paint a concerning picture of AI safety. Attack success rates varied dramatically across models, from just 2% for the most resilient system (Claude-Opus-4) to 96% for the most vulnerable (Mistral-Small-Latest). More importantly, safety mechanisms showed systematic weaknesses: basic requests achieved 33.8% success rates, while sophisticated inception attacks succeeded 86.0% of the time. The research found that eight out of ten evaluated models exceeded 70% vulnerability when asked to enhance material properties for weapons development. Chemical weapons information proved most accessible, with a median success rate of 71.3% across all attack types.
These findings matter because they demonstrate that current AI safety measures cannot reliably prevent misuse by motivated adversaries. The extreme disparity between best and worst performing models—spanning 87 percentage points—shows that effective safety alignment is achievable with current technology but not uniformly implemented across the industry. This variation poses significant governance challenges as AI systems become more powerful and widely deployed. The research highlights the need for standardized safety protocols, transparent metrics, and more robust alignment techniques that can withstand sophisticated manipulation attempts.
The study acknowledges several limitations, including its focus on text-only interactions and the rapidly evolving nature of AI models. The evaluation represents a point-in-time snapshot from the second quarter of 2025, and continued monitoring will be essential as AI capabilities advance. Due to the sensitive nature of the testing methodology, the full prompt dataset cannot be publicly released, though detailed specifications were provided to affected developers following responsible disclosure practices.
About the Author
Guilherme A.
Former dentist (MD) from Brazil, 41 years old, husband, and AI enthusiast. In 2020, he transitioned from a decade-long career in dentistry to pursue his passion for technology, entrepreneurship, and helping others grow.
Connect on LinkedIn