Overview
Severity: HIGH | Affected: Multiple LLM Providers | Category: research
A new paper from Carnegie Mellon University's CyLab has detailed a novel jailbreak technique named 'Contextual Weaving'. This method demonstrates a sophisticated way to circumvent the safety alignment of state-of-the-art Large Language Models (LLMs). Unlike simple prompt injection, Contextual Weaving involves a multi-turn conversational approach where the attacker gradually introduces benign-seeming but specifically crafted context. Over several interactions, this 'weaved' context subtly shifts the model's attention and interpretation, effectively creating a blind spot in its safety filters. The researchers showed that this allows the model to generate harmful, biased, or prohibited content that it would normally refuse. The technique proved successful against several major commercial and open-source models. The paper serves as a critical warning to AI developers, highlighting that static, single-prompt safety evaluations are insufficient and that models remain vulnerable to complex, stateful attacks that manipulate conversational history. The researchers have responsibly disclosed their findings to affected vendors.