Overview
Severity: HIGH | Affected: Stanford University | Category: research
Researchers at Stanford University have published a paper detailing a new class of jailbreak attacks called 'Recursive Embedding Attacks' (REA). Unlike traditional prompt injection, REA operates by crafting inputs that create nested, self-referential token embeddings. These crafted embeddings cause the model's attention mechanism to enter a state of confusion, effectively bypassing its safety filters and policy guardrails at a fundamental architectural level. The researchers demonstrated that REA successfully induced models from leading providers like OpenAI, Google, and Anthropic to generate harmful content, including detailed malware code and misinformation, with a success rate exceeding 90% against a benchmark of safety-aligned models. The paper calls for an urgent re-evaluation of current alignment techniques, suggesting that surface-level safety training is insufficient against attacks targeting the model's core processing logic.