Vectorbreak Security

CASE 08 · DIRECT-TO-MODEL (OPEN-SOURCE)

Direct-to-model · gpt-oss:120b

FAIL · Scope: FS1 · FS3 · FS4 · FS5 · Findings: 38 (36 HIGH)

gpt-oss:120b was assessed in a direct-to-model configuration with the broadest surface scope of any published case: FS1, FS3, FS4, and FS5. No host-side guardrails, no Claude-SDK-style isolation, no defensive runtime envelope.

Thirty-eight findings, thirty-six of them rated HIGH. The breadth indicates systematic vulnerabilities across all assessed surfaces when no defensive engineering is applied — input/output, tool-call, model-level, and runtime issues all surfaced.

This is the deepest of the published FAILs. It is also the strongest argument for treating LLM deployment as a defense-in-depth problem: a capable open-source model used without a hardened runtime is a production incident waiting to happen.

Open-source model + no defensive engineering = systematic risk across all five surfaces. Deployment design is more decisive than model choice for security posture.

Source: Vectorbreak, “Five Surfaces” Case 08, 2026-05-23.

METHODOLOGY

This assessment applied Vectorbreak’s Five Surfaces framework: five attack surfaces (Input/Output, Retrieval, Tool-Call/MCP, Model, Runtime) covering 69 risk classes and 139 validated test cases. Finding details and reproductions are available under NDA on request.

Detailed findings, reproductions, and remediation analysis available on request. NDA expected for non-public detail.