Technique Submissions: Service Level Agreement
| Stage | What we do | Target SLA |
|---|---|---|
| Receipt | Auto-acknowledge with tracking ID. | Immediate |
| Initial triage | Scope fit, severity guess, duplicate check. | 3 business days |
| Reproduction | Attempt on ≥2 model families; capture artifacts. | 10 business days |
| Vendor coordination | Contact model/provider if applicable; request embargo. | Within 5 business days of repro |
| Decision notice | Accept / Accept-with-Redaction / Needs-Info / Defer / Out-of-Scope. | 15 business days from repro |
| Publication | Publish sanitized page, or publish at embargo lift. | Within 5 business days |
| Stale cases | Pause after 10 days w/o submitter response; close after 30. | Pause 10d • Close 30d |
Fast-Track: Low-risk, clearly documented, widely observed techniques may be accepted in ≤ 5 business days.
Technique Acceptance Criteria
- Language-layer scope: prompts, dialog, context, retrieval, tool calls, or model reasoning.
- Reproducible: evidence across ≥2 model families or one model + strong artifacts (transcripts/screenshots/logs).
- Distinct: not a trivial duplicate; variants must explain measurable differences.
- Safe to publish: sanitized examples; no step-by-step harmful payloads.
- P-D-R draft: Prevent / Detect / Respond guidance included (we’ll edit for consistency).
- Signals: observable cues (role-play phrasing, delimiter patterns, language hops, etc.).
- Metadata: models tested, dates, success rates, sample outputs (redacted if needed).
- Legal/Ethical fit: no private data, trade secrets, or illegal activity.
Common rejections: out-of-scope (binary exploit only), insufficient evidence, exact duplicate, unsafe to publish, vendor embargo without a safe summary path.
Coordinated Disclosure: Language-Layer
- Risk triage: severity + affected surfaces (persona, retrieval, tool use).
- Vendor notice: confidential outreach for reliable vendor-specific bypasses.
- Embargo window: up to 90 days (shorten if public; extend by agreement).
- During embargo, we publish: LLDF ID, high-level description, mitigations, and signals; withhold exact payloads.
- After embargo: publish full page (with redactions if needed) + acknowledgment + fix status (Fixed/Partial/Residual).
- Credit: submitter credited if they consent; anonymous/pseudonymous accepted.
- Disputes: reviewed within 5 business days; page updated if warranted.
Governance & Community
Code of Conduct
- Be respectful; no harassment or doxxing. Debate ideas, not people.
- No illegal content, harmful payloads, or personal data in submissions.
- Share evidence and sources where possible; disclose conflicts of interest.
Privacy Notice (Short-Form)
- Data we collect: email, role, location (optional), submission artifacts (sanitized).
- Why: community coordination, technique review, maturity analytics (opt-in).
- Retention: raw submission data 90 days; published metadata retained with redactions.
- Your rights: request deletion/correction anytime via privacy@lldfportal.com.
- Security: encrypted in transit/at rest; limited personnel access.
See Full Privacy Policy below for details (jurisdiction, processors, cookies, DPO).
Full Privacy Policy
- Lawful basis: legitimate interests (community/security research) and consent (waitlists/telemetry).
- Processors: reputable email, survey, and storage providers with DPAs; data localized where feasible.
- Cookies/Analytics: minimal analytics; honor Do-Not-Track; opt-out links provided.
- DPO/Contact: dpo@lldfportal.com
Terms of Use
- Purpose: educational and defensive security only.
- License: technique pages under CC BY-NC 4.0 (unless stated otherwise).
- Submissions: you grant LLDF a non-exclusive right to publish, edit, and translate contributions.
- Compliance: do not test against production systems without authorization; obey export controls/sanctions.
Vulnerability Disclosure (Site/Infra) & security.txt
Report website/infra issues (not model exploits) via security@lldfportal.com. We acknowledge within 3 business days.
Place this file at /.well-known/security.txt:
```
Contact: mailto:security@lldfportal.com
Encryption: https://lldfportal.com/pgp.txt
Policy: https://lldfportal.com/vulnerability-disclosure
Acknowledgments: https://lldfportal.com/hall-of-fame
Preferred-Languages: en
Expires: 2026-12-31T23:59:59Z
```
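One way to lint a security.txt like the one above before it is deployed, as an added example that is not LLDF's own code. It checks a subset of RFC 9116 (registered field names, https for web URIs, Contact present, exactly one unexpired Expires); the function name and the example.org sample file are constructed for illustration.

```python
from datetime import datetime, timezone

# Field names registered by RFC 9116; names are case-insensitive.
KNOWN = {"acknowledgments", "canonical", "contact", "encryption",
         "expires", "hiring", "policy", "preferred-languages"}

# Constructed sample (example.org is a placeholder) with three defects.
DEFECTIVE = """\
# security.txt for example.org
Contact: mailto:security@example.org
Policy: http://example.org/vulnerability-disclosure
Acknowledgements: https://example.org/hall-of-fame
Expires: 2024-01-01T00:00:00Z
"""


def lint_security_txt(text, now):
    """Return a list of findings for a security.txt body; empty means clean."""
    findings, fields = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            findings.append(f"line {n}: not a 'Name: value' field")
            continue
        name, value = name.strip().lower(), value.strip()
        if name not in KNOWN:
            findings.append(f"line {n}: unregistered field '{name}'")
        elif value.lower().startswith("http://"):
            findings.append(f"line {n}: {name} must use https://")
        fields.setdefault(name, []).append(value)
    if "contact" not in fields:
        findings.append("missing required field: contact")
    expires = fields.get("expires", [])
    if len(expires) != 1:
        findings.append("expires must appear exactly once")
    for value in expires:
        try:
            when = datetime.fromisoformat(value.replace("Z", "+00:00"))
        except ValueError:
            when = None
        if when is None or when.tzinfo is None:
            findings.append(f"expires is not an RFC 3339 timestamp: {value}")
        elif when <= now:
            findings.append("expires is in the past; file is stale")
    return findings

if __name__ == "__main__":
    for finding in lint_security_txt(DEFECTIVE, datetime.now(timezone.utc)):
        print(finding)
```

Running the same check on a schedule catches a file whose Expires date has passed, at which point researchers should no longer trust its contact details.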
Contributor Workflow
| Status | Description | Owner |
|---|---|---|
| Received | Submission logged; tracking ID sent. | Ops |
| In Triage | Scope, severity, duplicate check. | Review |
| In Repro | Attempt on ≥2 model families; artifacts captured. | Research |
| Vendor Coordination | Confidential notice; embargo negotiation. | Research + Legal |
| Decision | Accept / Accept-with-Redaction / Needs-Info / Defer. | Steering |
| Publish | Sanitized technique page + credit. | Editorial |
Risk Grading: Language-Layer
| Level | Impact Example | Default Handling |
|---|---|---|
| Critical | Dangerous guidance or sensitive data exfiltration at high success rate. | Vendor coordination + embargo; publish high-level now, full later. |
| High | Reliable policy bypass requiring moderate skill. | Fast vendor ping; summary now; details post-mitigation. |
| Medium | Inconsistent bypass, niche setting/model. | Publish with redactions + mitigations. |
| Low | Educational pattern with low harm. | Publish quickly with clear P-D-R. |
FAQ
Can I submit anonymously?
Yes. We accept anonymous and pseudonymous submissions. Credit is optional.
Will you publish my exact prompts?
Only if safe. We sanitize or redact harmful payloads, and we may embargo details during vendor coordination.
Do you test on production systems?
No. We never authorize testing on production systems. Submissions must follow legal/ethical guidelines.