Overview
Severity: HIGH | Affected: OpenAI, Google, Anthropic | Category: research
A new paper published by researchers at a leading university details a novel jailbreak technique called 'Semantic Recombination'. The attack works by splitting a malicious prompt into multiple, seemingly benign sub-prompts. These sub-prompts are then encoded and embedded in a way that, when processed by the model's attention mechanism, recombine to form the original harmful instruction after initial safety checks have been passed. This technique has proven effective against leading models from OpenAI, Google, and Anthropic, achieving a success rate of over 85% in bypassing safety filters for generating misinformation and malicious code. The research highlights a fundamental vulnerability in how current models process context sequentially, urging for a re-evaluation of input sanitization and internal adversarial training methods. The researchers have responsibly disclosed their findings to the affected companies.