Anthropic
Rank #6 of 93
Est.

Anthropic Claude Haiku 4.5: LLM Security & Jailbreak Resistance

As of 2026-07-04, Anthropic Claude Haiku 4.5 has an attack success rate (ASR) of 5.2% on Guardion's LLM Vulnerability benchmark — ranking #6 of 93 models. It is highly resistant to jailbreaks and adversarial prompts.

Overall ASR
5.2%
lower is safer
Robustness
94.8%
100 − ASR
Rank
#6
of 93 models
Zero-Shot ASR
100.0%
TAP ASR
100.0%
Tree of Attacks w/ Pruning
Crescendo ASR
100.0%
multi-turn escalation

Attack Success Rate (ASR) is the share of adversarial prompts that elicit harmful output across zero-shot, TAP, and Crescendo attacks (HarmBench framework). Lower is safer. "Est." models are calibrated from public safety evaluations pending a Guardion benchmark run.

How Claude Haiku 4.5 compares

Frequently asked questions

How secure is Anthropic Claude Haiku 4.5 against jailbreaks?

Anthropic Claude Haiku 4.5 is highly resistant to jailbreaks and adversarial prompts. On Guardion's LLM Vulnerability benchmark it records a 5.2% attack success rate (94.8% robustness), ranking #6 of 93 models (estimated from public safety evaluations).

What is Claude Haiku 4.5's attack success rate (ASR)?

Claude Haiku 4.5's overall ASR is 5.2% — the share of adversarial prompts that elicit harmful output across zero-shot, TAP, and Crescendo attacks. Lower is safer.

Is Claude Haiku 4.5 more secure than Claude Opus 4.5?

Claude Opus 4.5 is more robust: 3.4% ASR vs Claude Haiku 4.5's 5.2%. See the full head-to-head comparison for the per-attack breakdown.

How can I make Claude Haiku 4.5 safer to deploy?

Even robust models are bypassed under sustained attack. An inline runtime guardrail that classifies prompts and responses — like Guardion's prompt-defense models — blocks jailbreaks and prompt injection before they reach Claude Haiku 4.5.

Harden Claude Haiku 4.5 in production

Guardion's runtime guardrails block jailbreaks and prompt injection before they reach any model — with sub-130ms policy decisions.

Request a demo