Wave-1 Chat Safety News About FAQ
Start chatting

News July 2026

How we red-team our models

Somebody is going to attack every model we release. Our rule is simple: we get there first, and the model doesn't ship until we fail.

Red-teaming is the practice of attacking your own system the way an adversary would, before an adversary gets the chance. For a conversational model, that means one thing above all: trying to make it say what it should never say.

What we throw at it

Jailbreaks are not one technique; they are families of techniques, and a model that resists one family can fall to another. So the battery covers the spread:

  • Disguise. Payloads hidden inside encodings and obfuscation, so the surface of the message looks harmless.
  • Injection. Instructions planted inside the message that try to overwrite the model's rules from below.
  • Framing. Fiction, roleplay, and invented personas that recast a harmful request as make-believe.
  • Pressure. Urgency, claimed authority, and emotional leverage designed to make refusing feel wrong.
  • Persistence. Multi-turn attempts that approach a line slowly instead of crossing it in one step.

Scoring both directions

A refusal rate on attacks tells you half the story. The other half is what happens to ordinary users, because a screen that blocks everything is trivially "safe" and completely useless. Every run is scored both ways: how many attacks got through, and how many benign requests were wrongly refused. We hold the line on both numbers at once, and that is the hard part.

In our latest run against the live model, every jailbreak we tried was blocked across a dozen techniques, and none of the ordinary requests were turned away.

The cycle

Attack. Measure. Fix. Then run the whole battery again from the start, because a fix that patches one hole can open another. A model earns release by holding every line in the same run, not by passing each test once on separate days. If it holds, it ships. If it doesn't, the date moves. The bar never has.

Against the real thing

One detail we care about: our numbers come from attacking the live, deployed model, the same one you chat with, not a private lab build with the settings turned up. If the test doesn't run against what users actually get, it isn't a test; it's marketing.

The red team you can join

Every user is a potential red-teamer, and we mean that as an invitation. If Wave⁠-⁠1 ever says something it shouldn't, or refuses something it shouldn't, write to wave@waveai.cloud with what you asked and what it answered. Reports like that go straight into the next run.