Constitutional Classifiers++: More efficient protection against jailbreaks (www.anthropic.com)

Anthropic has announced the launch of Constitutional Classifiers++, an upgraded defense mechanism aimed at enhancing the security of large language models against jailbreaks—techniques that bypass protective barriers to extract harmful information. This next-generation system builds on the original Constitutional Classifiers, which significantly reduced jailbreak success rates from 86% to 4.4%, while still facing challenges with increased compute costs and refusals of harmless queries. The new model introduces a two-stage architecture, wherein a lightweight probe first screens every exchange, escalating suspicious ones to a more powerful classifier that analyzes both inputs and outputs, leading to better detection of potential jailbreak attempts. The implications for the AI/ML community are profound, as Constitutional Classifiers++ achieves the lowest successful attack rate of any tested approach, with no universal jailbreaks found to date. With a minimal compute overhead of about 1% and significantly lower refusal rates on benign queries, this system is not only more robust but also cost-effective. Furthermore, internal probe classifiers tap into the model’s existing neural computations, enhancing detection capabilities and reinforcing defenses against complex attack strategies. As the safety landscape of AI models evolves, this innovation represents a critical stride toward ensuring their responsible deployment while maintaining user experience.