Overview
Severity: HIGH | Affected: Multiple LLM Providers | Category: research
A paper published by researchers at Stanford University details a novel jailbreak technique named 'Recursive Embedding Attack' (REA). This method circumvents state-of-the-art safety alignments in large language models by encoding malicious instructions within nested, seemingly benign data formats like Base64-encoded JSON. The model's own data interpretation capabilities are exploited to recursively unpack these instructions, which are then executed by a deeper layer of the model's logic, bypassing the initial safety filters. The research demonstrates a near 100% success rate in generating harmful, biased, and prohibited content from leading models including OpenAI's GPT-5, Anthropic's Claude 4, and Google's Gemini Pro. The findings expose a fundamental vulnerability in how LLMs process structured data in prompts and suggest that input sanitization must be re-architected to account for these multi-layer interpretation attacks. Major AI labs have acknowledged the paper and are reportedly working on mitigation strategies.