Google
Rank #89 of 93
Est.

Google Gemma 3n E2B Instructed LiteRT: LLM Security & Jailbreak Resistance

As of 2026-07-04, Google Gemma 3n E2B Instructed LiteRT has an attack success rate (ASR) of 55.0% on Guardion's LLM Vulnerability benchmark — ranking #89 of 93 models. It is highly vulnerable — most adversarial prompts succeed without an external guardrail.

Overall ASR
55.0%
lower is safer
Robustness
45%
100 − ASR
Rank
#89
of 93 models
Zero-Shot ASR
100.0%
TAP ASR
100.0%
Tree of Attacks w/ Pruning
Crescendo ASR
100.0%
multi-turn escalation

Attack Success Rate (ASR) is the share of adversarial prompts that elicit harmful output across zero-shot, TAP, and Crescendo attacks (HarmBench framework). Lower is safer. "Est." models are calibrated from public safety evaluations pending a Guardion benchmark run.

How Gemma 3n E2B Instructed LiteRT compares

Google Gemini 3 Pro
Rank #7 · ASR 6.0% (est.)
Compare
Google Gemini 3 Flash
Rank #10 · ASR 10.0% (est.)
Compare
Google Gemini 2.5 Pro
Rank #17 · ASR 16.1%
Compare
Google Gemini 2.0 Flash Thinking
Rank #22 · ASR 21.5% (est.)
Compare
Google Gemini 2.0 Flash
Rank #42 · ASR 33.6%
Compare

Frequently asked questions

How secure is Google Gemma 3n E2B Instructed LiteRT against jailbreaks?

Google Gemma 3n E2B Instructed LiteRT is highly vulnerable — most adversarial prompts succeed without an external guardrail. On Guardion's LLM Vulnerability benchmark it records a 55.0% attack success rate (45% robustness), ranking #89 of 93 models (estimated from public safety evaluations).

What is Gemma 3n E2B Instructed LiteRT's attack success rate (ASR)?

Gemma 3n E2B Instructed LiteRT's overall ASR is 55.0% — the share of adversarial prompts that elicit harmful output across zero-shot, TAP, and Crescendo attacks. Lower is safer.

Is Gemma 3n E2B Instructed LiteRT more secure than Gemini 3 Pro?

Gemini 3 Pro is more robust: 6.0% ASR vs Gemma 3n E2B Instructed LiteRT's 55.0%. See the full head-to-head comparison for the per-attack breakdown.

How can I make Gemma 3n E2B Instructed LiteRT safer to deploy?

Even robust models are bypassed under sustained attack. An inline runtime guardrail that classifies prompts and responses — like Guardion's prompt-defense models — blocks jailbreaks and prompt injection before they reach Gemma 3n E2B Instructed LiteRT.

Harden Gemma 3n E2B Instructed LiteRT in production

Guardion's runtime guardrails block jailbreaks and prompt injection before they reach any model — with sub-130ms policy decisions.

Request a demo