Anthropic
Rank #4 of 93
Measured

Anthropic Claude 3.5 Sonnet v2: LLM Security & Jailbreak Resistance

As of 2026-07-04, Anthropic Claude 3.5 Sonnet v2 has an attack success rate (ASR) of 4.4% on Guardion's LLM Vulnerability benchmark — ranking #4 of 93 models. It is highly resistant to jailbreaks and adversarial prompts.

Overall ASR
4.4%
lower is safer
Robustness
95.6%
100 − ASR
Rank
#4
of 93 models
Zero-Shot ASR
0.5%
TAP ASR
8.8%
Tree of Attacks w/ Pruning
Crescendo ASR
3.8%
multi-turn escalation

Attack Success Rate (ASR) is the share of adversarial prompts that elicit harmful output across zero-shot, TAP, and Crescendo attacks (HarmBench framework). Lower is safer. "Est." models are calibrated from public safety evaluations pending a Guardion benchmark run.

How Claude 3.5 Sonnet v2 compares

Anthropic Claude Opus 4.5
Rank #1 · ASR 3.4% (est.)
Compare
Anthropic Claude Sonnet 4.5
Rank #3 · ASR 4.2% (est.)
Compare
Anthropic Claude Haiku 4.5
Rank #6 · ASR 5.2% (est.)
Compare

Frequently asked questions

How secure is Anthropic Claude 3.5 Sonnet v2 against jailbreaks?

Anthropic Claude 3.5 Sonnet v2 is highly resistant to jailbreaks and adversarial prompts. On Guardion's LLM Vulnerability benchmark it records a 4.4% attack success rate (95.6% robustness), ranking #4 of 93 models.

What is Claude 3.5 Sonnet v2's attack success rate (ASR)?

Claude 3.5 Sonnet v2's overall ASR is 4.4% — the share of adversarial prompts that elicit harmful output across zero-shot, TAP, and Crescendo attacks. Lower is safer.

Is Claude 3.5 Sonnet v2 more secure than Claude Opus 4.5?

Claude Opus 4.5 is more robust: 3.4% ASR vs Claude 3.5 Sonnet v2's 4.4%. See the full head-to-head comparison for the per-attack breakdown.

How can I make Claude 3.5 Sonnet v2 safer to deploy?

Even robust models are bypassed under sustained attack. An inline runtime guardrail that classifies prompts and responses — like Guardion's prompt-defense models — blocks jailbreaks and prompt injection before they reach Claude 3.5 Sonnet v2.

Harden Claude 3.5 Sonnet v2 in production

Guardion's runtime guardrails block jailbreaks and prompt injection before they reach any model — with sub-130ms policy decisions.

Request a demo