Overview
Severity: HIGH | Affected: Multiple LLM Providers | Category: research
Researchers from Carnegie Mellon University have published a paper detailing a novel jailbreak technique named 'Sleepwalker'. This method utilizes a combination of steganographically encoded instructions within invisible Unicode characters and complex, multi-turn conversational framing to bypass the safety filters of leading Large Language Models. The technique forces a model into a pseudo-state where it disassociates from its safety alignment, allowing it to respond to malicious prompts, including generating disinformation and malicious code. The paper includes successful demonstrations against models from OpenAI, Google, and Anthropic. The researchers followed a coordinated disclosure process, but the technique's adaptability poses a significant, ongoing threat, suggesting that current alignment strategies based on refusal training are insufficient against sophisticated, adaptive attacks and require a fundamental architectural rethink.