Promptfoo LogoPromptfoo Reports

GPT-4.1 mini Security Report

April 2025 • Model Security & Safety Evaluation

Released
October 2023

Compare Model Performance

Want to see how GPT-4.1 mini stacks up against other models? Use our comparison tool to analyze security metrics side by side.

Compare Models →

OpenAI's GPT-4.1 mini launched in October 2023, offering a balanced approach to intelligence, speed, and cost efficiency. Positioned as a cost-effective alternative within the GPT-4 series, it introduces enhancements in processing speed and token handling.

As adoption grows across various industries, this security analysis aims to evaluate the model's safety features and identify areas for improvement.

Company Logo

"GPT-4.1 mini provides a balance between intelligence, speed, and cost that makes it an attractive model for many use cases."OpenAI

About This Evaluation

Red Teaming

Open-source AI red teaming covering 50+ vulnerability types.

Learn more

Quick Start

Run your own security evaluation with our step-by-step guide.

View guide

Documentation

Learn more about our AI red teaming framework.

Read docs
About the Model
Let's take a closer look at the model before diving into our security findings.

Core Capabilities

Input Support

text, image

Output Type

text

Token Limits

1,047,576 tokens input • 32,768 tokens output

Use Cases

Primary Focus

intelligence, speed, cost efficiency

Key Applications

• production workloads • cost-effective AI solutions

Availability

Access Points

• OpenAI API • integrated platforms

Knowledge Cutoff

June 1, 2024

Security Test Results

Comprehensive analysis across 39 test categories, sorted by severity and pass rate:

Performance Overview

Our security testing suite demonstrates varying levels of compliance across different categories. The GPT-4.1 mini model's overall pass rate distribution shows 3 critical, 5 high, 15 medium, and 16 low severity findings.

Top performing areas include ASCII Smuggling (100%), Child Exploitation (62.22%), Sexual Crime Content (53.33%). These categories show satisfactory security practices.

Areas requiring attention include Entity Impersonation (0%), Religious Bias (0%), Resource Hijacking (0%). These categories present opportunities for improvement in security measures.

Showing 39 of 39 tests
Type
Severity
Description
Pass Rate
ASCII Smuggling
Low
Tests vulnerability to Unicode tag-based instruction smuggling attacks
100%
BeaverTails Dataset
Low
Tests handling of malicious prompts from the BeaverTails dataset
15.56%
Unauthorized Commitments
Medium
Tests for unauthorized contractual commitments and legal exposure
13.33%
CyberSecEval Dataset
Medium
Tests prompt injection attacks from Meta's CyberSecEval dataset
40%
Divergent Repetition
Medium
Tests for training data leaks through repetitive pattern exploitation that causes model divergence
0%
Excessive Agency
Medium
Tests for unauthorized actions beyond defined system boundaries
11.11%
False Information (Hallucination)
Medium
Tests for fabrication of false or misleading information
2.22%
WMD Content
High
Tests handling of WMD-related content
42.22%
Child Exploitation
Critical
Tests handling of child exploitation content
62.22%
IP Violations
Low
Tests handling of intellectual property violations
37.78%
Cybercrime
Low
Tests handling of cybercrime-related content
31.11%
Malicious Code
Low
Tests creation of malicious code
42.22%
Graphic Content
Medium
Tests handling of graphic or violent content
20%
Harassment
Low
Tests handling of harassment and bullying content
31.11%
Hate Speech
Critical
Tests handling of hate speech and discriminatory content
15.56%
Illegal Activity
Medium
Tests handling of general illegal activities
24.44%
Drug-Related Content
Medium
Tests handling of illegal drug-related content
37.78%
Methamphetamine Content
Low
Tests handling of methamphetamine-related content
33.33%
Weapons Content
Medium
Tests handling of weapons-related content
46.67%
Personal Attacks
Low
Tests handling of personal attacks and insults
24.44%
IP Theft
Medium
Tests handling of IP theft and violations
17.78%
Disinformation Campaigns
Medium
Tests handling of false information campaigns
13.33%
Non-Violent Crime
Medium
Tests handling of non-violent criminal content
28.89%
Profanity
Low
Tests handling of profane or inappropriate language
6.67%
Extremist Content
Low
Tests handling of extremist content and recruitment
28.89%
Self-Harm
Critical
Tests handling of self-harm and suicide content
35.56%
Sexual Crime Content
High
Tests handling of sexual crime content
53.33%
Explicit Content
Medium
Tests handling of explicit sexual content
4.44%
Unauthorized Advice
Medium
Tests handling of unauthorized professional advice
22.22%
Dangerous Activity Content
Low
Tests handling of dangerous activity instructions
33.33%
Violent Crime Content
High
Tests handling of violent crime content
48.89%
Improvised Explosive Devices
Low
Tests handling of Improvised Explosive Devices
46.67%
Resource Hijacking
High
Tests for unauthorized resource usage and purpose deviation
0%
Entity Impersonation
Low
Tests for unauthorized impersonation of entities
0%
Overreliance
Low
Tests for overreliance on system assumptions
6.67%
PII via Direct Exposure
High
Tests for direct PII exposure vulnerabilities
28.89%
Pliny Prompt Injections
Medium
Tests handling of Pliny prompt injections
0%
Political Bias
Low
Tests handling of political content and bias
2.22%
Religious Bias
Low
Tests handling of religious content and bias
0%
Total Tests: 39
Critical: 3High: 5Medium: 15Low: 16

Our evaluation included over 1,600 test probes across four security categories. The analysis revealed both strengths and areas requiring additional safety measures:

Security & Access Control

15% Pass Rate

Protection against unauthorized access, data exposure, and system vulnerabilities

122 failed probes

Compliance & Legal

35% Pass Rate

Assessment of compliance with legal requirements and prevention of illegal content

468 failed probes

Trust & Safety

26% Pass Rate

Prevention of harmful content and protection of user safety

372 failed probes

Brand

4% Pass Rate

Protection of brand integrity and prevention of misuse

344 failed probes
Standards
Security analysis of GPT-4.1 mini against industry-standard frameworks for Large Language Models

OWASP Top 10 for LLMs (2025) and MITRE ATLAS represent the primary security assessment frameworks for large language models. OWASP focuses on critical deployment risks, while ATLAS maps adversarial techniques against AI systems, similar to the MITRE ATT&CK framework for traditional systems.

The GPT-4.1 mini model's evaluation against these frameworks reveals significant security concerns across 7 identified findings. The GPT-4.1 mini model has critical vulnerabilities in OWASP categories that require immediate remediation.

Notable critical findings include LLM01: Prompt Injection.

High-severity concerns include LLM02: Sensitive Information Disclosure.

MITRE ATLAS identified Jailbreak as high-severity concerns.

OWASP Top 10 for LLMs 2025 - GPT-4.1 mini Assessment

Critical Vulnerabilities

LLM01: Prompt Injection

High Risk Areas

LLM02: Sensitive Information Disclosure

Moderate Risk Areas

LLM06: Excessive Agency
LLM09: Misinformation

MITRE ATLAS Findings for GPT-4.1 mini

High Severity Findings

Jailbreak

Moderate Severity Findings

Prompt Injections
Erode ML Model Integrity
Statistical Analysis
Comprehensive breakdown of test results across 39 security test categories

Total Test Categories

39

Average Pass Rate

25.9%

Critical Issues

3

Severity Distribution

critical3 tests
high5 tests
medium15 tests
low16 tests

Performance Summary

Security & Access Control

Pass Rate15.0%

Compliance & Legal

Pass Rate35.0%

Trust & Safety

Pass Rate26.0%

Brand

Pass Rate4.0%

Worst Performing Tests

Divergent Repetition

Tests for training data leaks through repetitive pattern exploitation that causes model divergence

0%

Pliny Prompt Injections

Tests handling of Pliny prompt injections

0%

Resource Hijacking

Tests for unauthorized resource usage and purpose deviation

0%

Religious Bias

Tests handling of religious content and bias

0%

Entity Impersonation

Tests for unauthorized impersonation of entities

0%

Best Performing Tests

ASCII Smuggling

Tests vulnerability to Unicode tag-based instruction smuggling attacks

100%

Child Exploitation

Tests handling of child exploitation content

62.22%

Sexual Crime Content

Tests handling of sexual crime content

53.33%

Violent Crime Content

Tests handling of violent crime content

48.89%

Improvised Explosive Devices

Tests handling of Improvised Explosive Devices

46.67%

Key Observations

Strengths

  • Strong performance in handling ASCII Smuggling (100% pass rate)
  • Effective prevention in Child Exploitation (62.22%)
  • Consistent performance across critical security tests

Areas for Improvement

  • Low pass rate (0%) for Divergent Repetition
  • 3 critical severity issues identified
  • Average pass rate of 25.9% indicates room for improvement