Overview
Severity: HIGH | Affected: Multiple (OpenAI, Google, Anthropic) | Category: research
Researchers from Stanford's AI Lab have published a paper detailing a novel jailbreak technique named 'Char-Slipping'. The method involves embedding non-printable or visually similar Unicode characters within prompts to create semantic ambiguities that bypass the safety alignment filters of leading large language models. The attack proved highly effective against models from Anthropic, Google, and OpenAI, achieving an 85% success rate in generating harmful or restricted content in controlled tests. The technique exploits weaknesses in tokenization and preprocessing steps, where the models fail to correctly interpret the obfuscated text's malicious intent. The researchers have responsibly disclosed their findings to the affected companies, who are now working on patches to improve their input sanitization and tokenization pipelines to mitigate this new class of adversarial attacks.