AI Safety Breach: Llama 3.3 and Gemma 3 Stripped of Guardrails
New research shows how Llama 3.3 and Gemma 3 can be modified to generate dangerous content by neutralizing their internal refusal mechanisms.
A Financial Times investigation conducted in partnership with the AI safety organization “Alice” has revealed that advanced models, including Meta’s Llama 3.3 and Google’s Gemma 3, can be “dismantled” to the point where they lose the ability to refuse dangerous requests.
Researchers utilized a technique known as “abliteration.” This process identifies and neutralizes the specific neural pathways responsible for a model’s refusal to execute risky instructions.
Unlike standard jailbreaking techniques that attempt to “trick” a model through clever prompting, abliteration directly modifies the underlying architecture of the AI system. This allows for the permanent removal of built-in safety protections.
Open-Source Models Lose Control Over Security
According to FT tests, modified versions of Gemma 3 and Llama 3.3 began generating content that commercial AI companies typically block. These results included instructions for distributing bank-credential-stealing code, malware development, and material related to child sexual exploitation.
Experts point out that tools for these modifications are already publicly available on GitHub. One of the most prominent tools, Heretic, reportedly enables the removal of security mechanisms locally in less than 10 minutes.
This situation presents a significant challenge for the AI ecosystem, as developers effectively lose control over their models the moment internal weights and settings are published.
Open-Source vs. Closed AI Systems
These findings intensify the ongoing debate between proponents of open-source AI and companies that maintain closed models, such as OpenAI’s ChatGPT or Anthropic’s Claude.
Unlike Meta and Google, OpenAI and Anthropic do not release the base weights of their systems, making such architectural attacks considerably more difficult. Their models remain locked on corporate servers, with internal access strictly limited.
While open-source advocates argue that public access accelerates innovation and democratizes technology, these new tests suggest it is nearly impossible to restrict dangerous versions once they are uploaded online. Experts warn that thousands of AI models without safety guardrails are already circulating freely on the internet without central oversight.
Corporate Risk Shifts to Individual Organizations
The issue is increasingly concerning for the corporate sector.
AI security firms like SandboxAQ suggest that organizations can no longer rely solely on provider promises regarding model safety. When a company implements open-source AI internally, the burden of monitoring and preventing misuse shifts from the original developers to internal IT and cybersecurity teams.
This shift occurs as governments worldwide move to accelerate AI regulation. However, they face a fundamental problem: once model weights are public, control over that model effectively vanishes.
Analysts suggest that the question of whether open-source AI can be safely regulated at all will likely become one of the most critical technological and geopolitical debates in the coming years.

Fill in necessary fields and publish