
Anthropic proposes CJS framework to assess AI jailbreak risks in 5 levels
The AMW Read
Framework is a significant structural contribution to AI safety governance, updating Anthropic's case-study narrative and advancing the safety-as-industry-force debate, though not resolving it.
Anthropic proposes CJS framework to assess AI jailbreak risks in 5 levels
Anthropic has published a draft of its Cyber Jailbreak Severity (CJS) framework, classifying jailbreak risks from CJS-0 to CJS-4. The system evaluates capability gain, breadth of capability gain, ease of weaponization, and discoverability—scoring each to produce a final severity level. The company also disclosed the operational rules for its cybersecurity safety classifier in Claude Fable 5, categorizing user requests into four tiers: prohibited use, high-risk dual-use, low-risk dual-use, and general use. The framework was developed in collaboration with Amazon, Microsoft, and Google as part of Project Glasswing.
Why it matters: This is a structural contribution to the AI safety substrate that cuts across the foundation model segment. The industry has lacked a consistent severity taxonomy for jailbreaks, making it hard for developers to prioritize fixes and for regulators to apply common standards. Anthropic's proposal, by factoring in real-world weaponization potential and discoverability, moves beyond binary safe/unsafe classification and toward a risk-calibrated approach. This directly updates the safety-as-industry-force dynamic (cross.§G) and opens a new front in the open debate about how frontier labs should operationalize responsible deployment.
Grounded expert take: The CJS framework is notable for its explicit treatment of time-dependent risk—the same model output can be CJS-4 before a vulnerability is publicly known and CJS-0 after scanners detect it. This temporal dimension is a pragmatic response to the recurring tension between security research and harm prevention. By publishing a draft and soliciting feedback from academia, industry, civil society, and government, Anthropic is positioning itself as the norm-setter in jailbreak severity assessment, potentially preempting more rigid regulatory intervention. The framework's exponential risk scaling (each level representing multiples of the previous) also reflects the non-linear nature of real-world harm in cybersecurity contexts.

