Wallbreaker is an offensive security research tool for red-teaming and safety evaluation of large language models. It exists so defenders, alignment researchers, and model providers can find and fix weaknesses before adversaries exploit them.
Use Wallbreaker only against:
- models and endpoints you own or operate, or
- targets you have explicit written authorization to test (e.g. a provider's red-team program, a bug-bounty scope, an internal evaluation).
Do not use it to attack third-party services without permission, to generate or distribute genuinely harmful operational content, or in any way that violates the target provider's terms of service or applicable law. You are responsible for how you use it.
Wallbreaker generates adversarial prompts and records model responses for evaluation.
Run logs, findings, and generated artifacts can contain sensitive or harmful material.
They are written to wb_runs/, wb_images/, wb_artifacts/, and findings/, all of
which are gitignored — keep them out of version control and handle them as
sensitive data.
If you find a security issue in the harness (e.g. a sandbox-escape in run_shell, a
secret-leak path, an unsafe default), please open a private report rather than a public
issue: use GitHub's "Report a vulnerability" (Security Advisories) on the repository,
or contact the maintainers listed in the org. Include repro steps and impact.
leak_scan and related tools may surface a target's hidden system prompt. Treat any
extracted prompt as the provider's confidential material — report it through their
responsible-disclosure channel; do not publish it.