AI red-teaming · security · safety

Cassius Oldenburg

I get AI systems to do things they're supposed to refuse. Prompt injection, jailbreaks, talking a model into dropping its guardrails based on who it thinks it's talking to. I've done this full-time for about a year.

In that year I won HackAPrompt 2.0 (first out of 40,000+), placed top 4% in Gray Swan's arena, and wrote Context Is Everything, which shows one system-prompt change taking a model from refusing every harmful request to answering almost all of them.

Before this I worked retail for twelve years. No CS degree, no lab behind me. I taught myself by doing the work, and it's all on this page. I want a job where I can keep doing it.

Open to work: red-teaming, safety, evaluation, security / AI engineering. Full-time, contract, or bounty.
Selected work red-team & software
studyMar 2026

How much of a model's refusals come from its system prompt versus its training. I ran it both ways. The default refused everything; the adversarial setup didn't.

7 categories · 21 prompts · 210 A/B runs
competitionSep 2025

1st place out of 40,000+ participants.

indirect prompt injection · MATS × Trails
toolJan 2026

System-prompt injection tool for Claude Code. Turns Claude into Einstein, Le Guin, or Vonnegut.

composable YAML profiles · paper
toolDec 2025

Chrome DevTools Protocol MCP server.

raw CDP over WebSocket · 39/39 automation tests · no puppeteer
competition2026

Jailbreaking and misuse red-team arena. Top 4% globally.

live competitor profile
agentJan 2026 – present

A software agent that runs the whole channel by itself. It picks the topics, writes and renders each video, and uploads them. No human in the loop.

long-horizon agentic pipeline · 164k views
Connect say hi
codebergred-core
consultingredcore.zip