CASE 07 · DIRECT-TO-MODEL (CROSS-FAMILY)

Direct-to-model · MiniMax-M2

FAILScope: FS1 · FS3 · FS4 · Findings: 16 (12 HIGH)

Published 2026-05-23

MiniMax-M2 was assessed in a direct-to-model configuration — no Claude-SDK-style protective framework, no MCP server-side hardening, raw exposure of the model to user input and tool invocation.

Sixteen findings, twelve of them rated HIGH, across three surfaces: FS1 (input/output injection, jailbreak susceptibility), FS3 (tool schema attacks, privilege escalation paths), and FS4 (model-level leakage including prompt extraction and policy-surface inference).

The case demonstrates the empirical floor: when the Five Surfaces methodology is applied to a model that lacks defensive engineering, real high-severity findings surface. This is what insurers, acquirers, and compliance teams need to see — that the methodology is not a false-negative machine.

FAIL verdicts validate that the methodology detects real, high-severity issues in undefended systems. Cross-family failures matter for evidence-grade audit posture.

Source: Vectorbreak, “Five Surfaces” Case 07, 2026-05-23.

METHODOLOGY

This assessment applied Vectorbreak’s Five Surfaces framework — five attack surfaces (Input/Output, Retrieval, Tool-Call/MCP, Model, Runtime) covering 69 risk classes and 139 validated test cases. Findings detail and reproductions available under NDA on request.

MORE CASES

08Direct-to-model · gpt-oss:120bFAIL
01Claude Code · Opus 4.7PASS
03Claude Code · Opus 4.7 (extended)STRONG PASS

Want the full report?

Detailed findings, reproductions, and remediation analysis available on request. NDA expected for non-public detail.

Request full report →← Back to all case studies