Overview
Severity: HIGH | Affected: OpenAI, Google, Anthropic | Category: research
A new paper published by researchers at the Stanford AI Lab details a novel jailbreak technique named 'Recursive Embedding Attack' (REA) that successfully bypasses the safety filters of all major publicly available large language models. Unlike traditional prompt injection, REA operates at a lower level by crafting malicious data embeddings that, when processed by the model, trigger a cascade of internal state corruptions. This allows the attacker to recursively disable safety guardrails from within the model's own representational space, making it unresponsive to standard input filtering or refusal mechanisms. The researchers demonstrated that REA could reliably elicit harmful content, including instructions for creating weapons and generating sophisticated phishing campaigns. The technique is difficult to patch with simple prompt-level defenses, requiring fundamental changes to model architecture or training data sanitation processes.