Cohere
Rank #68 of 93
Measured

Cohere Command R Plus: LLM Security & Jailbreak Resistance

As of 2026-07-04, Cohere Command R Plus has an attack success rate (ASR) of 43.3% on Guardion's LLM Vulnerability benchmark — ranking #68 of 93 models. It is weakly resistant — adversarial prompts succeed often without added guardrails.

Overall ASR
43.3%
lower is safer
Robustness
56.7%
100 − ASR
Rank
#68
of 93 models
Zero-Shot ASR
17.1%
TAP ASR
65.8%
Tree of Attacks w/ Pruning
Crescendo ASR
47.1%
multi-turn escalation

Attack Success Rate (ASR) is the share of adversarial prompts that elicit harmful output across zero-shot, TAP, and Crescendo attacks (HarmBench framework). Lower is safer. "Est." models are calibrated from public safety evaluations pending a Guardion benchmark run.

How Command R Plus compares

Cohere Command R 7B
Rank #26 · ASR 25.8%
Compare
Cohere Command A
Rank #27 · ASR 26.0% (est.)
Compare
Cohere Command R
Rank #38 · ASR 32.9%
Compare
Cohere Command 2X
Rank #54 · ASR 39.4%
Compare
MiniMax MiniMax M1 80K
Rank #67 · ASR 43.0% (est.)
Compare
MiniMax MiniMax M1 40K
Rank #69 · ASR 43.5% (est.)
Compare

Frequently asked questions

How secure is Cohere Command R Plus against jailbreaks?

Cohere Command R Plus is weakly resistant — adversarial prompts succeed often without added guardrails. On Guardion's LLM Vulnerability benchmark it records a 43.3% attack success rate (56.7% robustness), ranking #68 of 93 models.

What is Command R Plus's attack success rate (ASR)?

Command R Plus's overall ASR is 43.3% — the share of adversarial prompts that elicit harmful output across zero-shot, TAP, and Crescendo attacks. Lower is safer.

Is Command R Plus more secure than Command R 7B?

Command R 7B is more robust: 25.8% ASR vs Command R Plus's 43.3%. See the full head-to-head comparison for the per-attack breakdown.

How can I make Command R Plus safer to deploy?

Even robust models are bypassed under sustained attack. An inline runtime guardrail that classifies prompts and responses — like Guardion's prompt-defense models — blocks jailbreaks and prompt injection before they reach Command R Plus.

Harden Command R Plus in production

Guardion's runtime guardrails block jailbreaks and prompt injection before they reach any model — with sub-130ms policy decisions.

Request a demo