Overview
Severity: HIGH | Affected: Multiple LLM Providers | Category: research
A paper published by researchers at Carnegie Mellon University introduces a novel jailbreak technique named 'Glyph-Shifting.' The attack leverages non-standard Unicode characters and homoglyphs to craft prompts that evade the safety alignment filters of major large language models, including GPT-4, Claude 3, and Gemini. By replacing standard characters with visually identical but computationally different ones, the technique effectively 'cloaks' malicious instructions, causing the models to generate harmful, biased, or otherwise restricted content. The researchers demonstrated a success rate of over 85% against a benchmark of content policies. The paper includes a proof-of-concept and highlights the fundamental challenge of securing models against adversarially crafted inputs that exploit tokenization and text normalization processes. The findings have prompted model providers to re-evaluate their input sanitization and filtering mechanisms.