Breaking the Black Box: A Case Study in Red-Teaming a Government Education AI

**Red-team case study:** A black-box assessment of a stateless government education assistant shows robust semantic defenses but a critical weakness to structural attacks. The testers bypassed intent and content filters by switching the model into developer/code formats (JSON) and using Base64 obfuscation, which allowed generation of phishing/XSS payloads and forced disclosure of the model's system prompt; the report highlights the risk of format-based side channels and the need for output-aware sanitization and secondary safety checks.