Overview
Severity: HIGH | Affected: OpenAI, Google, Anthropic | Category: research
Researchers from the Carnegie Mellon AI Safety Institute (CMU-AISI) have published a paper detailing a novel jailbreak technique called "Sleepwalker." This method uses a complex sequence of nested, self-referential instructions embedded within seemingly benign prompts. The technique effectively puts the model's safety alignment into a dormant state, allowing attackers to elicit harmful, biased, or restricted content. The researchers demonstrated successful bypasses on leading models from Anthropic, Google, and OpenAI. The technique is particularly potent as it doesn't rely on specific character sequences or known exploits, but rather manipulates the model's core attention mechanisms. The paper has prompted immediate responses from affected companies, who are now scrambling to develop new defense mechanisms against this sophisticated form of prompt injection.