On 2 July, Anthropic, the company behind the Claude AI models, published more details on its newest model's cyber safeguards and a new jailbreak framework. Two things sat inside it. First, its latest model ships with stronger guardrails that sort every request into what is fine, what gets watched, and what is blocked outright. Second, and more interesting for the rest of us, it proposed a shared way to measure how badly an AI can be tricked into breaking its own rules, built alongside Amazon, Microsoft and Google.
If your business has started leaning on AI this year, and after the run of news we have just had, where even the most cautious, regulated companies in the country are going all in, plenty have, this matters more than it first looks. A chatbot answering enquiries on your website. An assistant drafting quotes. An agent quietly sorting the inbox. Each one is genuinely useful. Each one is also a piece of software that can, in the wrong circumstances, be talked into doing something you never intended.
What a jailbreak actually is
A jailbreak is getting an AI past the guardrails it was given, so it does or says something it was built not to. It has a sneakier cousin called prompt injection, where the trick is not typed in by a user at all but hidden inside something the AI reads: an instruction buried in an email, a document, or a web page, which the tool then quietly obeys. The developer and independent AI writer Simon Willison has tracked this closely for years, and his blunt view has held up: any AI that can both read outside content and take actions is a tool that can, in principle, be steered by whoever wrote that content.
The small-business version of this is not science fiction, it is mundane. A website chatbot argued into promising a refund or a discount you never approved. An inbox assistant that follows a malicious instruction tucked inside an otherwise ordinary customer email. A helper coaxed, one polite message at a time, into repeating information it holds about your customers. In each case the software is simply doing what it was told, by whoever was cleverest about how they told it.
Why the whole industry agreeing on a scale is the real news
The new framework scores a jailbreak from zero to four, from merely informational up to critical, weighing things like how much extra capability the trick hands an attacker and how easily it could be reused against other targets. Anthropic put it plainly: each step up the scale is several times more serious than the one below it. The detail that matters is not the maths, it is the company it was built in. Amazon, Microsoft and Google helped shape it, which means the firms behind most of the AI tools a small business will ever touch are starting to speak one language about misuse.
That is a genuinely good sign. AI safety is maturing from a marketing promise into something measurable, and the labs building the tools you rely on are treating the ways they can be abused as a first-order problem rather than an afterthought. The tools are getting safer at the source. The catch is that the source is only half the story.
The safe part is how it is set up, not just which tool you buy
A model's own guardrails are the floor, not the ceiling. The risk that actually bites a small business lives in how the AI is wired into the business itself: what data it is allowed to see, what actions it is permitted to take, and what it will and will not say on your behalf. A powerful model connected carelessly is more dangerous than a modest one set up with care. This is especially true the moment you move from a tool that just answers questions to an agent that carries out real work across your systems, because now a clever instruction does not just change an answer, it can trigger an action.
This is the fiddly, unglamorous part of adopting AI well, and it is exactly where getting it right pays off. Done properly, the tool stays firmly in its lane, cannot be argued out of your own policies, keeps customer data where it belongs, and has a human watching for the occasional attempt to push it somewhere it should not go. None of that is visible in a product demo, which is precisely why so many businesses skip it.
- A chatbot that helps customers but cannot be talked into prices, promises or refunds you never approved.
- Customer information the AI can use to give better answers, but never hand out or leak, no matter who is asking.
- Clear limits on what each tool is allowed to do, so a single clever message cannot turn it against you.
- An assistant that ignores instructions hidden inside the emails, documents and web pages it reads.
- Someone keeping an eye on how the AI is being used, and tightening things the moment something looks off.
The question is no longer whether to use AI in your business. It is whether the AI you use could ever be turned against it.
You do not need to become a security expert to adopt AI safely, any more than you need to be an electrician to have safe wiring. What you need is the right tools chosen well, set up so they cannot be turned against you, and someone to keep them that way as both the tools and the tricks keep changing. The upside of AI is real and it is arriving fast. The downside is real too, and it is quietly avoidable.
This is exactly the work we do at NextAura. We bring AI into Australian small businesses the safe way: the right tools, set up with real guardrails, so your customers get the help and your business keeps its data, its reputation and its good night's sleep. If you want the upside of AI without lying awake about the downside, get in touch and we will handle the hard part while you get back to running the business.