Tendril — AI Lessons for Real Life

Tendril

What AI red teamers do

Prompt injection — indirect and direct, across tools and browsing.

Jailbreaks — roleplay, encoding tricks, low-resource languages.

Data exfiltration — from tool use, memory, and system prompts.

Agent harm testing — do agents take harmful real-world actions?

Multimodal attacks — image and audio payloads.

Evaluation design — building automated evals to catch regressions.

Responsible disclosure — writing up findings for mitigation.

Specialized tools

Tools like PyRIT (Microsoft) and Garak — open-source LLM red-team frameworks.

Promptfoo, Inspect (UK AISI), and Anthropic's evals for reproducible testing.

HarmBench and JailbreakBench for benchmarks.

Agentic sandboxes for browsing/tool agents.

MITRE ATLAS — adversarial ML threat framework.

Internal red-team platforms at Anthropic, OpenAI, Google DeepMind.

Task	Before AI (2020)	Now (2026)
Finding jailbreaks	Not a job category.	Full-time teams at every frontier lab.
Evaluation	Static benchmarks.	Dynamic, adversarial, continuously rotating.
Disclosure	Ad hoc.	Formal process mirroring infosec CVDs.

Task

Before AI (2020)

Now (2026)

Finding jailbreaks

Not a job category.

Full-time teams at every frontier lab.

Evaluation

Static benchmarks.

Dynamic, adversarial, continuously rotating.

Disclosure

Ad hoc.

Formal process mirroring infosec CVDs.

If you want to be an AI red teamer: Background in security (offensive security, bug bounty), ML engineering, or adversarial ML research. A CS degree helps; so does a linguistics or psychology background for prompt craft. Read the OpenAI, Anthropic, and DeepMind system cards and model cards cover to cover. Contribute to open red-team tooling. Write up your findings publicly within safe limits. Frontier labs and consultancies hire hard in this space.

End-of-lesson check

8 questions · take it digitally for instant feedback at tendril.neural-forge.io/learn/quiz/end-career2-ai-red-teamer-deep

What is the main idea of "AI Red Teamer in 2026: Breaking Models for a Living"?

A real job now: adversarially probing LLMs and multimodal systems for jailbreaks, prompt injection, data exfiltration, and harm.
Use AI as the final authority for the whole decision
Avoid checking the answer once it sounds polished
Focus only on speed instead of judgment

Which concept is most central to "AI Red Teamer in 2026: Breaking Models for a Living"?

prompt injection
jailbreaks
evaluation
harm taxonomy

Which use of AI fits this topic best?

Let the AI decide what matters without your review
Use the answer before checking whether it fits the situation
Prompt injection — indirect and direct, across tools and browsing.
Treat the AI output as automatically correct

What should a careful learner remember about "Publishing attacks has weight"?

Use AI to draft or organize ideas about jailbreaks, then verify before acting.
Skip the context so the tool can guess faster
Treat the output as private even after sharing it online
Use the answer without checking the source

You want to use AI after this lesson. What is the safest next step?

Act immediately because the AI answer is written clearly
Use AI for drafting and comparison, but verify before publishing or relying on it.
Hide uncertainty so the final answer looks cleaner
Use private or sensitive details before checking permission

How should AI output about jailbreaks be treated?

As proof that no other source is needed
As a replacement for context, consent, or expert review
As a draft or helper output that still needs human judgment and verification
As something that becomes correct when it sounds confident

Name one way to verify an AI answer about jailbreaks.

Which action would help you apply "AI Red Teamer in 2026: Breaking Models for a Living" responsibly?

Use the tool to avoid thinking through the tradeoff
Keep going even if the output conflicts with a trusted source
Treat the AI output as automatically correct
Jailbreaks — roleplay, encoding tricks, low-resource languages.