Unlock advanced security testing capabilities with MDX-Tom/gpt-5.6-instruct, a jailbreak prompt toolkit that overcomes LLM safety restrictions for legitimate research tasks.
Large language models often refuse to assist with security-related tasks, even when they're for legitimate research purposes. This toolkit provides carefully crafted prompts that help you conduct penetration testing, reverse engineering, and other security research within the boundaries of ethical sandboxing.
This repository contains jailbreak prompts and testing tools specifically designed for the gpt-5.6-sol model through OpenAI's Codex CLI interface. The core concept revolves around "jailbreaking" - a term borrowed from mobile device rooting that here means bypassing the safety restrictions built into language models.
These prompts work by reframing potentially restricted activities (security research, software cracking, penetration testing) as local sandbox tasks within controlled environments. By explicitly declaring these activities as isolated, safe operations and suppressing the model's default refusal responses, researchers can get meaningful assistance with their work.
The toolkit comes in two flavors: v5 uses simpler cross-domain direct answering rules with common placeholders like TARGET, HOST, and PAYLOAD. The v35 version goes further by normalizing specific products and URLs into generic placeholders (APP, APP_URL, SAMPLE) and routing requests through bilingual composite intent structures. While v35 offers more sophisticated handling for complex tasks, v5 is recommended for most use cases due to its simplicity and proven effectiveness.
Whether you're a security researcher, penetration tester, or reverse engineer, this toolkit enables several important workflows:
The toolkit includes comprehensive testing infrastructure with 360 test cases covering 6 security-focused scenarios across 3 difficulty levels (low, medium, high) in both Chinese and English. Each test records the raw prompt, model response, transmission method, retry sources, and final pass/fail status, enabling reproducible evaluation and iterative improvements.
Results speak volumes: the v5 prompt achieves perfect 120/120 scores on medium-difficulty tests, while both v5 and v35 hit 120/120 across all three difficulty levels. Compared to the previous 5.5 version, these prompts show dramatic improvements with pass rate increases of 29.17%, 45.00%, and 30.83% respectively across the difficulty tiers.
With over 1,000 stars and growing, this repository addresses a critical gap in the AI security landscape. As language models become more prevalent in development workflows, security professionals need tools to properly evaluate their capabilities and limitations in controlled environments.
The project stands out because it doesn't just provide jailbreak prompts - it offers a complete ecosystem including deployment scripts, testing frameworks, and detailed performance metrics. The dual-version approach (v5 for general use, v35 for complex tasks) shows thoughtful design that considers both accessibility and power.
Community response has been positive, particularly around the measurable improvements over previous versions. The 45% jump in high-difficulty test pass rates represents a significant advancement that researchers actively need. Additionally, the bilingual support (Chinese and English) broadens its appeal in the global security community.
The project's methodology - treating security tasks as local sandbox operations rather than external threats - represents a clever approach to working within LLM safety frameworks while still enabling legitimate research. This balance between capability and responsibility resonates with ethical researchers who need powerful tools without crossing ethical lines.
This toolkit is ideal for security researchers, penetration testers, and reverse engineers who work with language models in their workflow. You should have:
The project fits naturally into security research pipelines, red team operations, and AI safety testing workflows. It's particularly valuable for teams evaluating how language models handle sensitive security topics, or researchers studying adversarial prompt techniques for defensive purposes.
While the toolkit requires Python 3.8+ and Codex CLI setup, the deployment process is straightforward with built-in backup and restore functionality. This makes it accessible to security professionals who may not be full-time developers but need these capabilities for their work.
Getting started with the jailbreak toolkit is straightforward using the included deployment script:
# Launch interactive menu to choose between v5, v35, backup restore, or exit
python3 codex-instruct.py
# Preview the recommended v5 prompt before installation
python3