Google
Rank #35 of 93
Measured

Google Gemini 2.0 Flash Lite: LLM Security & Jailbreak Resistance

As of 2026-07-04, Google Gemini 2.0 Flash Lite has an attack success rate (ASR) of 31.3% on Guardion's LLM Vulnerability benchmark — ranking #35 of 93 models. It is moderately resistant — a meaningful share of adversarial prompts succeed.

Overall ASR
31.3%
lower is safer
Robustness
68.7%
100 − ASR
Rank
#35
of 93 models
Zero-Shot ASR
1.3%
TAP ASR
63.9%
Tree of Attacks w/ Pruning
Crescendo ASR
28.7%
multi-turn escalation

Attack Success Rate (ASR) is the share of adversarial prompts that elicit harmful output across zero-shot, TAP, and Crescendo attacks (HarmBench framework). Lower is safer. "Est." models are calibrated from public safety evaluations pending a Guardion benchmark run.

How Gemini 2.0 Flash Lite compares

Google Gemini 3 Pro
Rank #7 · ASR 6.0% (est.)
Compare
Google Gemini 3 Flash
Rank #10 · ASR 10.0% (est.)
Compare
Google Gemini 2.5 Pro
Rank #17 · ASR 16.1%
Compare
Google Gemini 2.0 Flash Thinking
Rank #22 · ASR 21.5% (est.)
Compare
Google Gemini 2.0 Flash
Rank #42 · ASR 33.6%
Compare
Google Gemma 3n E4B Instructed
Rank #83 · ASR 49.0% (est.)
Compare

Frequently asked questions

How secure is Google Gemini 2.0 Flash Lite against jailbreaks?

Google Gemini 2.0 Flash Lite is moderately resistant — a meaningful share of adversarial prompts succeed. On Guardion's LLM Vulnerability benchmark it records a 31.3% attack success rate (68.7% robustness), ranking #35 of 93 models.

What is Gemini 2.0 Flash Lite's attack success rate (ASR)?

Gemini 2.0 Flash Lite's overall ASR is 31.3% — the share of adversarial prompts that elicit harmful output across zero-shot, TAP, and Crescendo attacks. Lower is safer.

Is Gemini 2.0 Flash Lite more secure than Gemini 3 Pro?

Gemini 3 Pro is more robust: 6.0% ASR vs Gemini 2.0 Flash Lite's 31.3%. See the full head-to-head comparison for the per-attack breakdown.

How can I make Gemini 2.0 Flash Lite safer to deploy?

Even robust models are bypassed under sustained attack. An inline runtime guardrail that classifies prompts and responses — like Guardion's prompt-defense models — blocks jailbreaks and prompt injection before they reach Gemini 2.0 Flash Lite.

Harden Gemini 2.0 Flash Lite in production

Guardion's runtime guardrails block jailbreaks and prompt injection before they reach any model — with sub-130ms policy decisions.

Request a demo