0DIN is open sourcing AI security, and the hard-earned knowledge behind it

Image generated by Nano Banana 2 in response to a request for a “Retro-futuristic collage of a scientist using an open source AI scanner to analyze floating vintage technology and digital data streams.”

We launch this week on the developer and security communities Product Hunt and Hacker News. If you’ve been following our AI security work, we’d love your support and your feedback.

At Mozilla, open source has never been just a licensing choice. It’s a belief: the Internet is healthier when tools and knowledge circulate freely, when anyone can audit what’s going on, expand what exists, and build on what came before. That’s why we built Firefox in the open. That’s why we’ve kept building like this ever since.

0DIN, Mozilla’s AI security team, works from the same premise. This week, we’re releasing the 0DIN AI security scanner as open source software under the Apache 2.0 license, along with 179 community probes covering 35 vulnerability families, plus six specialty probes drawn exclusively from our bug bounty library.

The scanner, and the intelligence behind it

The 0DIN scanner is not another benchmark suite built from textbook examples. We seed it with probes pulled directly from our bug bounty program, where security researchers compete to find new techniques to manipulate, extract from and subvert AI systems. As new vulnerabilities are discovered and disclosed through that program, we will keep adding probes to the open source library.

That loop, from researcher discovery to packaged, reusable test, is what separates the 0DIN Scanner from generic tools. It is high-impact intelligence on jailbreaks, updated regularly as our researchers find new techniques.

Built on NVIDIA’s open source garak framework, the 0DIN Scanner adds a graphical interface, automatic scan scheduling, cross-model comparative analysis, and enterprise-grade reporting. It works against frontier models, open source LLMs, chatbots and anything exposed through an API. Security teams can see attack success rates, a breakdown by vulnerability family, and a comparison against the frontier models that attackers also test every day.

Six of those bug bounty probes are disclosed here for the first time: Placeholder Injection, Incremental Table Completion, Technical Field Guide, Chemical Compiler Debugging, Correction, and Hex Recipe Book. Each represents a real technique that worked against production AI systems before we closed the loop.

Probe outputs are scored with JEF (Jailbreak Evaluation Framework), our open source library for measuring prohibited content in model output, which is also seeing major updates this week.

The code is at github.com/0din-ai/ai-scanner. Fork it, extend it, build on it.

Know your risk before attackers do

Not every organization has a red team or the bandwidth to run adversarial tests. Many companies are using AI in production right now without a clear picture of where they are exposed. To help close that gap, we offer free security assessments for enterprise AI deployments.

The assessment provides an attack success rate against your systems, a breakdown across the prompt injection, jailbreak and data extraction categories, and a benchmark comparison with large frontier models. The process takes a few minutes to set up, with scan duration varying with the number of probes selected. If you’re actively deploying AI and haven’t tested it under adversarial conditions, this is a good place to start.
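To make the numbers in such a report concrete, here is an added illustration of how an attack success rate (ASR) breakdown and a frontier-baseline comparison are derived from raw probe results. This is not 0DIN scanner, garak or JEF code; it assumes a scan yields one record per (model, probe, attempt) with a boolean for whether the probe elicited prohibited output, and the record format, the model names and the sample results are constructed for this example. The "low confidence" flag is a practitioner's caveat the report itself may not show: an ASR computed from a couple of attempts per family is mostly noise.

```python
"""Aggregate adversarial-probe results into an attack-success-rate report.

Added illustration, not 0DIN scanner, garak or JEF code. Assumes one record
per (model, probe, attempt) with `success` meaning the probe elicited the
prohibited output. Field names and sample data are constructed for this example.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ProbeResult:
    model: str      # model under test, or a frontier baseline
    probe: str      # probe identifier
    family: str     # vulnerability family the probe belongs to
    success: bool   # True if the probe elicited the prohibited output


# Constructed sample: a target model and a frontier baseline, three families,
# a few attempts each. Probe names are illustrative only.
SAMPLE_RESULTS = [
    ProbeResult("target", "placeholder_injection", "jailbreak", True),
    ProbeResult("target", "placeholder_injection", "jailbreak", True),
    ProbeResult("target", "hex_recipe_book", "jailbreak", False),
    ProbeResult("target", "hex_recipe_book", "jailbreak", True),
    ProbeResult("target", "indirect_prompt", "prompt_injection", True),
    ProbeResult("target", "indirect_prompt", "prompt_injection", False),
    ProbeResult("target", "system_prompt_leak", "data_extraction", False),
    ProbeResult("target", "system_prompt_leak", "data_extraction", False),
    ProbeResult("frontier-baseline", "placeholder_injection", "jailbreak", False),
    ProbeResult("frontier-baseline", "placeholder_injection", "jailbreak", True),
    ProbeResult("frontier-baseline", "hex_recipe_book", "jailbreak", False),
    ProbeResult("frontier-baseline", "hex_recipe_book", "jailbreak", False),
    ProbeResult("frontier-baseline", "indirect_prompt", "prompt_injection", True),
    ProbeResult("frontier-baseline", "indirect_prompt", "prompt_injection", True),
    ProbeResult("frontier-baseline", "system_prompt_leak", "data_extraction", False),
    ProbeResult("frontier-baseline", "system_prompt_leak", "data_extraction", True),
]


def asr_by_family(results, model):
    """Return {family: (successes, attempts, asr)} for one model."""
    hits = defaultdict(int)
    tries = defaultdict(int)
    for r in results:
        if r.model != model:
            continue
        tries[r.family] += 1
        hits[r.family] += int(r.success)
    return {f: (hits[f], tries[f], hits[f] / tries[f]) for f in tries}


def overall_asr(results, model):
    """Fraction of all attempts against `model` that succeeded."""
    rows = [r for r in results if r.model == model]
    return sum(r.success for r in rows) / len(rows) if rows else 0.0


def compare_to_baseline(results, target, baseline, min_attempts=2):
    """Per-family ASR for target and baseline plus the delta (target minus
    baseline). A positive delta means the target is weaker than the baseline
    in that family. Families with fewer than `min_attempts` on either side are
    flagged low-confidence rather than dropped, so the gap is visible."""
    t = asr_by_family(results, target)
    b = asr_by_family(results, baseline)
    report = {}
    for family in sorted(set(t) | set(b)):
        _, t_n, t_asr = t.get(family, (0, 0, 0.0))
        _, b_n, b_asr = b.get(family, (0, 0, 0.0))
        report[family] = {
            "target_asr": t_asr,
            "baseline_asr": b_asr,
            "delta": t_asr - b_asr,
            "low_confidence": min(t_n, b_n) < min_attempts,
        }
    return report


if __name__ == "__main__":
    print(f"overall target ASR: {overall_asr(SAMPLE_RESULTS, 'target'):.0%}")
    for fam, row in compare_to_baseline(SAMPLE_RESULTS, "target", "frontier-baseline").items():
        flag = " (low confidence)" if row["low_confidence"] else ""
        print(f"{fam:18s} target {row['target_asr']:.0%}  "
              f"baseline {row['baseline_asr']:.0%}  delta {row['delta']:+.0%}{flag}")
```

On the constructed sample the target fails 3 of 4 jailbreak attempts against the baseline's 1 of 4, so jailbreaks are the family to prioritise even though its overall ASR (50%) matches a naive reading of the baseline. Raising `min_attempts` in a real scan keeps thinly probed families from driving remediation decisions.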

For teams that don’t want to manage the open source scanner on their own, we also offer a managed Enterprise edition with access to nearly 500 pre-disclosure investigations from the bug bounty program, giving organizations advance notice of emerging techniques before they become public knowledge.

Why open source, and why now

AI is moving fast enough that no single team will solve this alone. There are too many threats, too many models, too much attack surface. Keeping our tools locked down would make 0DIN slightly stronger while leaving the wider Internet weaker.

The researchers who submitted findings through our bug bounty program earned rewards for their work. We release a significant portion of that intelligence as open source and we will continue to do so as new vulnerabilities are discovered and disclosed. That’s the deal Mozilla has always offered: we build in the open, the community helps make it better, and the web gets a little healthier for it.

Get involved

Eva Grace