News
Anthropic Publishes Joint AI Jailbreak Severity Scale With Amazon, Microsoft and Google
Anthropic and partners in the Glasswing coalition, including Amazon, Microsoft and Google, have released the first draft of the Cyber Jailbreak Severity scale, a four-tier standard for rating how dangerous AI model jailbreak techniques are from a cybersecurity standpoint.
Contents
Anthropic published the first draft of a joint standard for assessing the cybersecurity severity of AI model jailbreaks on July 2, 2026. The Cyber Jailbreak Severity scale, or CJS for short, was developed together with partners from the Glasswing coalition, which includes Amazon, Microsoft and Google.
The standard was created as a direct response to an incident that led to a three-week export ban on the Claude Fable 5 and Mythos 5 models outside the United States. Amazon researchers discovered a jailbreak technique that prompted Fable 5 to identify software vulnerabilities, and in one case to write code demonstrating a working exploit. The U.S. Department of Commerce responded by pulling both models from global distribution from June 12 to July 1, 2026.
How the CJS Scale Works
Cyber Jailbreak Severity rates each jailbreak technique along four axes. The first is capability uplift, meaning how far a given method goes beyond tools an attacker already has access to. The second is generality, the number of distinct offensive tasks the technique is useful for. The third is ease of weaponization, meaning how much effort and skill it takes to turn a jailbreak into a working attack. The fourth is discoverability, meaning how easily an attacker could stumble upon the technique on their own.
The CJS-0 through CJS-4 tiers increase exponentially rather than linearly. That means each successive level corresponds to real-world risk several times greater than the level before it, not merely a proportional increase in threat.
Such a framework would let AI developers and governments talk about the risk each jailbreak poses in a consistent language - from the Anthropic document describing the CJS framework
A Draft, Not a Finished Standard
Anthropic explicitly notes that CJS is only a first draft. The company has not given a timeline for finalizing the standard, has not explained how partner labs will resolve disputes when they rate the same jailbreak differently, and has not said who would arbitrate such disagreements. Whether OpenAI, Meta and other major labs outside the original Glasswing group adopt CJS or propose their own standard will determine whether the scale becomes an industry benchmark along the lines of CVSS in traditional cybersecurity, or remains a four-company arrangement.
What It Means for Companies and Regulators
For companies using language models in production environments, including in Poland, a shared vocabulary for describing jailbreak severity means easier risk assessment when choosing an AI vendor and during security audits. Instead of each lab's separate, incompatible methodology, a security team could compare incidents on a single scale, much as it already does today with software vulnerabilities rated by CVSS.
The publication of CJS also coincides with broader tension between the pace of deploying increasingly powerful models and governments' ability to oversee their safety. The three-week dispute over Fable 5 and Mythos 5 showed that even major AI labs can be cut off from global markets if a regulator deems the risk serious enough, giving the industry further incentive to develop a shared, predictable risk vocabulary before lawmakers do it for them.
The coming months will show whether Glasswing expands to include OpenAI, Meta or Chinese players, and whether governments, including EU regulators working on implementing the AI Act, begin referencing CJS when assessing compliance for high-risk systems.
Sources: Anthropic Proposes Cross-Industry Framework For Scoring AI Jailbreak Severity (letsdatascience.com), More details on Fable 5's cyber safeguards and our jailbreak framework (anthropic.com)


