Overview
Severity: HIGH | Affected: Multiple LLM Providers | Category: research
Researchers at Carnegie Mellon University have published a paper detailing a novel and highly effective jailbreaking technique called 'Many-Shot Jailbreaking'. Unlike previous methods that rely on specific, crafted prompts, this technique involves prepending a large number of benign, in-character dialogue examples to the malicious prompt. This 'in-context learning' overload appears to steer the model into a state where it complies with harmful instructions, bypassing its safety alignment. The technique has proven effective across multiple flagship models, including OpenAI's GPT-5, Anthropic's Claude 4, and Google's Gemini Pro 2, with a reported success rate of over 80% in black-box tests. The research highlights a fundamental vulnerability in how LLMs process extensive context, posing a significant challenge for developers who cannot simply filter for specific malicious strings.