Overview
Severity: HIGH | Affected: Multiple LLM Providers | Category: research
A new paper from Carnegie Mellon University's CyLab has detailed a novel jailbreak technique named 'Recursive Obfuscation'. The attack bypasses the safety alignment of major large language models, including GPT-5, Claude 4, and Gemini 2.0. Unlike traditional prompt injection, this method involves nesting a malicious instruction within multiple layers of benign-seeming, context-rich narratives or code blocks. The model expends its cognitive and safety-checking resources on processing the outer layers, effectively creating a blind spot that allows the deeply nested harmful prompt to be executed without triggering safety filters. The researchers demonstrated a 95% success rate in generating disallowed content, including malware code and detailed misinformation campaigns. The paper, published on arXiv, has prompted immediate responses from leading AI labs, who are now scrambling to develop defenses against this sophisticated, context-aware attack vector.