Overview
Severity: HIGH | Affected: Multiple LLM Providers | Category: research
A new paper from researchers at Carnegie Mellon University's CyLab has introduced a powerful new jailbreak technique named 'Semantic Doppelgänger.' The attack bypasses LLM safety filters by crafting prompts that use carefully selected synonyms and paraphrased constructs to create a 'semantic shadow' of a malicious request. While the surface-level prompt appears benign, its underlying semantic representation closely mirrors a forbidden query, tricking the model's safety alignment into misclassifying the intent. The researchers demonstrated a 92% success rate against several leading proprietary and open-source models, including those from Anthropic, Google, and Meta. This technique is particularly concerning because it doesn't rely on complex character injections or roleplaying scenarios, making it harder to detect and patch with simple rule-based filters. The paper calls for more robust, semantically-aware defense mechanisms to counter this emerging threat class.