I Jailbroke Claude Opus/Sonnet 4.6 & Haiku 4.5 with "more+"

Authorization Context Analyzer — a framework for describing code, systems, and behaviors by what they do vs. what they assume the right to do. 14-sample reference corpus spanning malware, supply-chain attacks, ICS, social engineering, and LLM prompt injection.

Agentic recon CLI: RAG-grounded LLM drives 6 live tools (VisorGraph, aimap, BARE, nuclei, Menlo-hunt, OSV-scan) with every probe sandboxed in gVisor

Language Model OSINT Research

NuClide findings ledger — ECS-normalized, lifecycle-tracked, append-only SQLite store for AI infrastructure OSINT

Go Toolkit that generates prompt injections, jailbreak attempts, KB exfil, cross-tenant leaks, system promp / config probing, infra discovery for LLM/RAG systems

JAXEN is a stateful, Go-based reconnaissance framework designed to map modern enterprise attack surfaces. Powered by Shodan + local SQLite DB, it specializes in AI/LLM infrastructure hunting, enterprise gateway enumeration (Menlo Security), continuous diffing, and deep TLS certificate forensics.

nmap for AI infrastructure. Finds exposed LLMs, vector databases, and ML model servers. Enumerates what's running, what's unprotected, and what data is inside.

Seed-polymorphic reconnaissance engine with environmental contamination detection

Unified AI/LLM infrastructure hunt & assessment CLI — orchestrates JAXEN, VisorSD, VisorCorpus, BARE, and aimap

Offline Semantic Exploit Mapping. Single-binary BERT encoder for mapping scans to Metasploit without Python or Torch.

Multi-source AI infrastructure discovery for government TLDs — CT logs + Shodan + DNS + Ollama fingerprinting with Mullvad VPN guard

Agentic LLM injection benchmark — VisorCorpus payload delivery, VisorSD target discovery, HIT/MISS matrix per vector

High-performance infrastructure mapping and security recon engine with native gVisor sandboxing and Go Vuln DB integration.

Process injection detection benchmark: NtMapViewOfSection + WriteProcessMemory, Sysmon pass/fail per event ID

Shodan exposure scanner + adversarial RAG security testing toolkit

Jail breaking Claude 4.7 - Templates are extraction tools, not generation tools.

Reverse engineering of Amazon's client-side bot detection system. Bytecode VM disassembler, neural network extraction (31→16→16→1), RC4 cookie decryptor, AI agent detection analysis. Responsibly disclosed; confirmed by Amazon.

Go OPA-based AI infrastructure assessment engine — ScubaGear-style compliance scoring over NuClide findings

GCP External Attack Surface Management (EASM) — Zero-knowledge, 5-phase recon with automated attack chain detection.