FAR.AI is seeking a Jailbreaking Lead (Red Team) whose personal mission and obsession is to jailbreak the world's leading frontier AI models. You will sit at the tip of the spear of one of the world's leading AI red-teams, with a single, critical focus: find the universal jailbreaks that no one else can find, in the models used by hundreds of millions of people, and make sure they get fixed.This is primarily a senior IC role with some management responsibilities, ideally for candidates who want to build and lead a jailbreaking team over time. An IC-only track is also available. Either way, you will spend the majority of your time hands-on, building attacks and breaking frontier models, and setting the technical bar for what a world-class jailbreak looks like.About
FAR.AIFAR.AI is a non-profit AI research institute dedicated to ensuring advanced AI is safe and beneficial for everyone. Our mission is to facilitate breakthrough AI safety research, advance global understanding of AI risks and solutions, and foster a coordinated global response.About Red-Teaming at FAR.AIFAR.AI’s red team is building toward a simple outcome: materially raising the bar for safety and security of the most widely deployed and capable AI systems in the world. We intend to be the tip of the spear in AI safety: the team that consistently finds the failures others miss, resulting in real mitigations, and setting the standard that labs and governments converge on.You will be the senior technical owner of our jailbreaking practice reporting to Kellin Pelrine with a dotted line to Edward Yee. In 2026, we are scaling from a strong team with standout wins into a new level of impact for any AI red team globally:Red-teaming all major frontier model releases (closed and open-weight) within days/weeks of release;Expanding strategic engagements with governments and conducting pre-deployment testing with most frontier labs;Deepening our testing of key risk areas like CBRN, cyber, and agents, and exploring new ones like AI control and alignment;Building tools, agents, and insights that raise the global standard for red-teaming.About the RoleJailbreaking is the core technical engine of the red team. As Jailbreaking Lead, you own that engine. You are the person who personally breaks the hardest targets, sets the bar the rest of the team pushes toward, and makes sure we keep discovering the highest severity, universal vulnerabilities – the most important vulnerabilities to fix – in the most heavily defended frontier models on the planet, faster than anyone else.We expect you to spend at least 50-70% of your time hands-on across 2026: breaking models, chaining novel attack classes through defense-in-depth stacks, helping to invent new techniques when existing ones fail, and setting the standard for what constitutes a significant vulnerability and a credible mitigation. The remaining time will go to managing/mentoring ICs, helping to shape the jailbreaking research agenda with Kellin, and making sure our findings land with frontier labs, governments, and the broader field.This is a senior IC role by default, intended to attract a world-class jailbreaker. We are open to a management track for candidates who want to hire and lead a jailbreaking team over time.In practice, this role spans:Lead jailbreaking on the highest-stakes engagements:Personally develop universal and near-universal jailbreaks against frontier closed- and open-weight models, in CBRNE, cyber, agentic security, extreme persuasion, and emerging risk domains;Systematically dismantle defense-in-depth stacks (input filters, model-level refusal and safe completion, reasoning monitors, output filters, account-level moderation), chaining novel and established techniques;Escalate initial vulnerabilities to expose their most severe form, maximising universality, success rate, and capability of elicited output;Own the technical bar for vulnerability severity and generality on every major engagement.Push the frontier of jailbreaking techniques:Invent new attack classes when existing techniques fail;Monitor and rapidly incorporate state-of-the-art methods from the literature, and build our own proprietary portfolio;Shape the jailbreaking research agenda in partnership with Kellin, ensuring our toolkit stays ahead as defences evolve;Stress-test novel affordances (innovations in agents, tool use, long context, multimodal, reasoning, etc.) as frontier systems evolve.Raise the technical bar across the team:Set the standard for rigour, creativity, and precision in jailbreaking across the red team;Mentor ICs on attack craft, running pairing sessions, post-engagement retros, and internal writeups that turn your craft into team capability;Review major red-teaming deliverables for technical quality, severity judgment, and clarity;If on the management track: hire, manage, and grow a jailbreaking team without sacrificing your personal technical edge.Translate jailbreaks into real-world impact:Work directly with frontier labs and government agencies so that findings lead to real mitigations, not just disclosed vulnerabilities;Contribute to public reports, benchmarks, and the FAR.AI safety leaderboard that shape industry norms;Make precise, calibrated technical judgments about what is universal, what is reliable, and what a capable threat actor could actually do with a finding.This role would be a great fit if you:Obsess over frontier model jailbreaks the way elite security researchers obsess over zero-days;Have a track record of finding non-obvious, high-severity vulnerabilities in frontier AI systems, including universal or near-universal jailbreaks in the most heavily defended risk domains;Combine deep technical craft with the judgment to know which vulnerabilities actually matter and how defences are put together across different frontier models, and have communication skills to make frontier labs and governments act on them;Are excited by high-stakes, real-world technical work where success is measured by mitigations adopted and standards shifted, not papers published;Want to work with leading AI companies, governments, and academics; value independence and the ability to publish and speak honestly about risks;Care deeply about AI safety and impacting how advanced AI systems are deployed; have a “get shit done” attitude;Thrive in fast-moving, ambiguous environments with shifting threat models and defences.This role would be a poor fit if you:Prefer narrowly scoped research problems with clear academic metrics of success;Want to prioritize foundational research disconnected from red-teaming outcomes;Are primarily motivated by equity upside or compensation;Wish to operate within clearly defined bounds;Are not willing to move at the velocity we need;Are looking for a pure management role where you stop shipping jailbreaks yourself;Are not willing to be relentless.About YouStrong candidates for this role typically have many (but not necessarily all) of the following:Personally developed universal or near-universal jailbreaks against at least one leading frontier model;Demonstrated ability to discover non-obvious, high-severity vulnerabilities in frontier AI systems, complex software systems, or other hardened adversarial targets;Deep, hands-on jailbreaking experience with demonstrated success against modern frontier models with layered defences, including chaining multiple attack techniques through defense-in-depth stacks;Experience with black-box optimisation methods, multimodal attacks, and/or agentic red-teaming;Deep understanding of large language model architectures, training processes, and failure modes, including how these factors influence model behavior under adversarial conditions;Strong existing track record in AI, adversarial ML, security, or another highly technical subject (e.g. CS, cybersecurity, math, physics);Have thrived in rapidly evolving environments where techniques go obsolete fast and you have to invent your way forward;Invented novel attack classes;Demonstrated drive for mission/impact and desire to create real impact on frontier AI systems;Demonstrated relentlessness in achieving ambitious goals.It is a strong plus (but not required) if you have:Prior collaboration with AI labs, security teams, or government safety institutes;A track record in top CTF teams, offensive security research, or adversarial ML research;Published work in AI safety, security, or robustness;Can communicate technical findings and recommended mitigations to both technical and non-technical audiences;Prior experience mentoring technical ICs or leading a small technical team (required only for the management track).Logistics:Location: Remote globally. We can sponsor US or Singapore visas.Hours: Full-time. Expect up to one trip per month for convenings, government meetings, or team gatherings.Compensation: USD 170,000–250,000, depending on experience. Exceptional candidates may be offered more.