Overview
Severity: HIGH | Affected: Multiple LLM Providers | Category: research
A new paper from Stanford's AI Lab details a novel jailbreaking technique called the 'Recursive Embedding Attack' (REA). This method circumvents the safety alignment of major large language models, including those from Anthropic and Google, by crafting prompts that embed harmful instructions within multiple layers of benign-seeming context. The model processes the outer layers normally, but the nested, recursively referenced instructions trigger the generation of prohibited content with over 90% success in tested models. REA is particularly effective because it doesn't rely on specific keywords that safety filters typically detect. Instead, it manipulates the model's internal representations. The research highlights a fundamental vulnerability in current alignment techniques and calls for more robust, context-aware defense mechanisms. The researchers have responsibly disclosed the findings to affected companies.