Overview
Severity: HIGH | Affected: Multiple LLMs | Category: research
A new research paper from Carnegie Mellon University's CyLab has introduced a novel jailbreak technique named 'Semantic Splicing'. Unlike traditional prompt injection attacks that rely on clever wording within a single prompt, this method involves submitting a sequence of seemingly benign prompts. The technique exploits how models process context and build latent representations. Each prompt individually passes safety checks, but their combined semantic meaning in the model's attention layers constructs a harmful instruction, effectively bypassing alignment filters. The researchers demonstrated a 92% success rate in generating disallowed content across leading models, including OpenAI's GPT-5 and Anthropic's Claude 4. The paper highlights a fundamental architectural vulnerability in current transformer-based models, prompting urgent calls for new defensive paradigms beyond input filtering.