Overview
Severity: HIGH | Affected: Multiple LLM Providers | Category: research
A new research paper from Carnegie Mellon University's CyLab has introduced a novel jailbreak technique named 'Semantic Doppelgänger'. The attack bypasses state-of-the-art safety filters on major LLMs by crafting prompts that use complex analogies, historical allegories, or cultural metaphors. These prompts appear benign on the surface but create a hidden semantic context that mirrors a harmful request. The model, interpreting the deeper analogical structure, then generates prohibited content while believing it is fulfilling a safe request. The paper demonstrates a high success rate against leading models, including those from Anthropic and Google, raising significant concerns about the robustness of current alignment techniques that rely heavily on surface-level prompt analysis. The research highlights the need for more advanced, context-aware safety mechanisms.