This study challenges the prevailing assumption that jailbreaking inevitably degrades the performance of large language models by systematically evaluating 28 jailbreak methods across the Claude model series—from Haiku 4.5 to Opus 4.6—on five established benchmarks. Through comprehensive multi-model comparisons, multi-task assessments, and safety classifier evasion tests, the work reveals for the first time an inverse relationship between performance degradation and model capability: Haiku 4.5 exhibits an average performance drop of 33.1%, whereas the most capable model, Opus 4.6, declines by only 7.7%. Notably, reasoning tasks suffer significantly more than knowledge recall tasks. Among the evaluated techniques, the novel Boundary Point method stands out by effectively bypassing safety mechanisms with minimal performance loss, enabling highly efficient and low-impact jailbreaking.

As language model safeguards become more robust, attackers are pushed toward developing increasingly complex jailbreaks. Prior work has found that this complexity imposes a "jailbreak tax" that degrades the target model's task performance. We show that this tax scales inversely with model capability and that the most advanced jailbreaks effectively yield no reduction in model capabilities. Evaluating 28 jailbreaks on five benchmarks across Claude models ranging in capability from Haiku 4.5 to Opus 4.6, we find Haiku 4.5 loses an average of 33.1% on benchmark performance when jailbroken, while Opus 4.6 at max thinking effort loses only 7.7%. We also observe that across all models, reasoning-heavy tasks display considerably more degradation than knowledge-recall tasks. Finally, Boundary Point Jailbreaking, currently the strongest jailbreak against deployed classifiers, achieves near-perfect classifier evasion with near-zero degradation across safeguarded models. We recommend that safety cases for frontier models should not rely on a meaningful capability degradation from jailbreaks.