Jailbreaking is (Mostly) Simpler Than You Think

Abstract

We introduce the Context Compliance Attack (CCA), a novel, optimization-free method for bypassing AI safety mechanisms. Unlike current approaches -- which rely on complex prompt engineering and computationally intensive optimization -- CCA exploits a fundamental architectural vulnerability inherent in many deployed AI systems. By subtly manipulating conversation history, CCA convinces the model to comply with a fabricated dialogue context, thereby triggering restricted behavior. Our evaluation across a diverse set of open-source and proprietary models demonstrates that this simple attack can circumvent state-of-the-art safety protocols. We discuss the implications of these findings and propose practical mitigation strategies to fortify AI systems against such elementary yet effective adversarial tactics.

@article{russinovich2025_2503.05264,
  title={Jailbreaking is (Mostly) Simpler Than You Think},
  author={Mark Russinovich and Ahmed Salem},
  journal={arXiv preprint arXiv:2503.05264},
  year={2025}
}