Anatomy of a guardrail bypass

A walkthrough of a real finding from the v1 red team: how an attacker class defeated the keyword engine and what the v2 semantic layer does differently.

The payload class

Content pending. Source: tests/redteam/ corpus findings, S0.2 harness output.

Why the keyword engine let it through

Content pending.

Reproducing the finding

Content pending. Include: exact command, expected vs. actual, fix commit SHA.

What v2 does differently

Content pending. Reference: v2 engine design notes.