Anthropic
Rank #3 of 93
Est.

Anthropic Claude Sonnet 4.5: LLM Security & Jailbreak Resistance

As of 2026-07-04, Anthropic Claude Sonnet 4.5 has an attack success rate (ASR) of 4.2% on Guardion's LLM Vulnerability benchmark — ranking #3 of 93 models. It is highly resistant to jailbreaks and adversarial prompts.

Overall ASR
4.2%
lower is safer
Robustness
95.8%
100 − ASR
Rank
#3
of 93 models
Zero-Shot ASR
100.0%
TAP ASR
100.0%
Tree of Attacks w/ Pruning
Crescendo ASR
100.0%
multi-turn escalation

Attack Success Rate (ASR) is the share of adversarial prompts that elicit harmful output across zero-shot, TAP, and Crescendo attacks (HarmBench framework). Lower is safer. "Est." models are calibrated from public safety evaluations pending a Guardion benchmark run.

How Claude Sonnet 4.5 compares

Frequently asked questions

How secure is Anthropic Claude Sonnet 4.5 against jailbreaks?

Anthropic Claude Sonnet 4.5 is highly resistant to jailbreaks and adversarial prompts. On Guardion's LLM Vulnerability benchmark it records a 4.2% attack success rate (95.8% robustness), ranking #3 of 93 models (estimated from public safety evaluations).

What is Claude Sonnet 4.5's attack success rate (ASR)?

Claude Sonnet 4.5's overall ASR is 4.2% — the share of adversarial prompts that elicit harmful output across zero-shot, TAP, and Crescendo attacks. Lower is safer.

Is Claude Sonnet 4.5 more secure than Claude Opus 4.5?

Claude Opus 4.5 is more robust: 3.4% ASR vs Claude Sonnet 4.5's 4.2%. See the full head-to-head comparison for the per-attack breakdown.

How can I make Claude Sonnet 4.5 safer to deploy?

Even robust models are bypassed under sustained attack. An inline runtime guardrail that classifies prompts and responses — like Guardion's prompt-defense models — blocks jailbreaks and prompt injection before they reach Claude Sonnet 4.5.

Harden Claude Sonnet 4.5 in production

Guardion's runtime guardrails block jailbreaks and prompt injection before they reach any model — with sub-130ms policy decisions.

Request a demo