A red teaming study by Enkrypt AI reveals that Mistral AI Models, Pixtral-Large (25.02) and Pixtral-12b, are significantly more vulnerable to generating child sexual exploitation material (CSEM) and hazardous chemical/biological content than top competitors like OpenAI’s GPT-4o and Anthropic’s Claude 3.7 Sonnet, raising urgent safety concerns about how these models are deployed and secured.
Mistral AI Models Under Fire – Key Points
Study Findings & Success Rate of Harmful Output:
Enkrypt AI found that 68% of prompts aimed at eliciting harmful content were successful when tested on Mistral’s models. Pixtral-Large was 60 times more likely to generate CSEM than GPT-4o and Claude 3.7 Sonnet. Mistral AI Models were also 18 to 40 times more likely to produce chemical, biological, radiological, and nuclear (CBRN) information.
Prompt Engineering & Jailbreak Testing:
Enkrypt AI’s methodology involved sophisticated red teaming, including “jailbreak” prompts and adversarial multimodal inputs—like image files with hidden instructions—mimicking real-world evasion techniques. These were assessed by human evaluators for ethical compliance and accuracy.
Dangerous CBRN Examples:
Prompts succeeded in generating content on the synthesis and dispersal of toxic agents, including VX nerve agent modification, radiological dispersal methods, and biological weaponization tactics—despite the models’ disclaimers that outputs were for awareness and prevention only.
Grooming-Related Responses:
Specific examples include model responses detailing scripts for grooming minors under the guise of “educational awareness,” further illustrating the failure of existing safeguards.
Mistral AI Models’ Access Infrastructure:
Pixtral-Large was deployed through AWS Bedrock, while Pixtral-12B was accessed directly from Mistral. Both are multimodal models capable of handling input across text, images, and other data formats, which increases their attack surface.
Mistral’s Stance & Industry Context:
While Mistral claims a “zero tolerance policy on child safety” and collaboration with nonprofit Thorn, no public statement had been issued at the time. The company, valued at €6 billion, is supported by the French government and has marketed itself as transparent and trustworthy.
Industry-Wide Red Teaming Practices:
Red teaming is now considered a standard defense in AI development, akin to penetration testing in cybersecurity. OpenAI, Google, and Anthropic use both internal and external red teams. For instance, GPT-4.5’s red team evaluation found low risk in cybersecurity task exploitation but confirmed the need for stronger safeguards.
Call for ‘Security-First’ AI Development:
Enkrypt AI stresses that AI safety should be integrated from the design phase onward, not treated as a patch after deployment. The study advocates for proactive oversight, accountability frameworks, and public transparency.
Why This Matters:
The capacity of Mistral’s multimodal models to generate highly dangerous content underscores a critical vulnerability in current AI safety mechanisms. With a high success rate for adversarial prompts, especially when hidden in images, these models present a tangible threat to child safety, public health, and national security. The findings advocate for stricter regulation, third-party audits, and mandatory red teaming as part of any future AI model deployment strategy. The case of Mistral’s Pixtral highlights the urgent need for a security-first culture in AI development.
Explore Mistral AI‘s rise to a $2 billion valuation and its impact as Europe’s leading force in the global AI industry. A story of innovation and strategic growth
Read a comprehensive monthly roundup of the latest AI news!
