Overview
Severity: HIGH | Affected: All major LLMs | Category: research
Researchers from Carnegie Mellon University have published a paper detailing a novel jailbreak technique named 'Token Smuggling,' which can consistently bypass the safety guardrails of most major language models. Unlike traditional prompt injection, this method does not rely on complex wordplay. Instead, it embeds malicious instructions within specially crafted, low-probability token sequences or obscure Unicode characters. These sequences are ignored or misinterpreted by the model's pre-processing safety filters but are correctly assembled into a harmful command by the model's core attention mechanism. The research demonstrates that the semantic meaning of the smuggled prompt is only fully realized after the embedding layer, effectively creating a blind spot for many current alignment techniques. The paper includes proof-of-concept attacks against several state-of-the-art models, raising significant concerns about the robustness of existing safety measures.