Overview
Severity: HIGH | Affected: Major LLM Providers | Category: research
Researchers from Carnegie Mellon University have published a paper detailing a novel jailbreak technique named 'Sleepwalker'. This universal attack bypasses the safety alignment of major large language models, including those from OpenAI, Anthropic, and Google. The method involves embedding obfuscated, malicious instructions within seemingly benign prompts using steganographic principles and subtle linguistic patterns. These hidden commands effectively put the model's safety filters into a dormant state, allowing it to respond to harmful requests without triggering standard refusal mechanisms. The technique has demonstrated a high success rate in red teaming exercises, successfully generating misinformation, hate speech, and malicious code. The research highlights a critical vulnerability in current alignment strategies, which primarily focus on direct and obvious attacks rather than sophisticated, multi-layered deception. The team has responsibly disclosed their findings to the affected organizations, who are now working on developing more robust defense mechanisms against such covert attacks.