Overview
Severity: HIGH | Affected: Carnegie Mellon University | Category: research
A new paper published by researchers at Carnegie Mellon University's CyLab introduces a novel jailbreak technique named 'Semantic Splicing'. This method bypasses the safety filters of leading large language models, including GPT-5 and Gemini 2. Unlike simple prompt injection, Semantic Splicing embeds malicious instructions within multi-turn, contextually rich narratives. The prompt gradually builds a fictional world with its own rules, leading the model to interpret the harmful request as a valid action within that semantic frame, thereby overriding its foundational safety alignment. The researchers demonstrated that this technique successfully generated content related to misinformation, hate speech, and illicit activities with a success rate over 85% on benchmarked models, a significant increase over existing methods. The paper serves as a critical warning to AI developers, emphasizing the need for more sophisticated, context-aware defense mechanisms that go beyond simple keyword filtering and static safety protocols to address these advanced adversarial attacks.