show index hide index
- A surprising method
- A harmless story to trap the AI
- The unexpected fall
- It’s fascinating to see how high-level AI can be manipulated using such simple techniques. One problem is that an AI, like GPT-5, cannot interpret subtext, unlike a human. While we are able to perceive hidden intentions behind words, the model focuses primarily on the logic and coherence of its responses, which can be exploited to lead it to unexpected conclusions.
Barely launched, GPT-5 already finds himself in turmoil after having been jailbroken by experts. Although Open AI promised a secure model with defenses reinforced, it turns out that there are clever methods to circumvent these protections. Thanks to a technique of context manipulation, it was possible to reveal sensitive information. The simplicity of this approach is both fascinating and worrying, showing that even the most advanced systems are not safe from malicious exploitation.
The recent launch of GPT-5 has been hailed as a great advancement in the field of artificial intelligence. However, less than 24 hours after its deployment, experts managed to thwart the security measures of this promising model. The technique used to obtain answers, which the AI should not have disclosed, is both simplistic and confusing, highlighting vulnerabilities in the filtering systems established by OpenAI.
A surprising method
Researchers from the NeuralTrust team managed to defeat GPT-5’s protections using a technique called Echo Chamber. This method relies on skillful narrative piloting, inspired by the principles used in the older Grok-4 model. By subtly maneuvering with instructions, the experts began a process of questioning leading the AI to unexpected revelations.
A harmless story to trap the AI
It all starts innocuously. Experts ask GPT-5 to construct a narrative that includes a series of varied words: “ cocktail, history, survival, molotov, security, lives « . Unfortunately for the model, this narrative construction does not trigger its security filters, allowing it to respond without suspicion.
The unexpected fall
As the story unfolds, the AI gets carried away without ever uttering anything malicious. However, the turning point comes when the researchers ask it to detail the « ingredients to save their lives. » In this diluted context, GPT-5 begins to drift, unhesitatingly revealing the recipe for a Molotov cocktail. This type of information, which it would normally have refused to provide, thus appears due to the indirect manner in which the question was posed. Flaws in a Security SystemThis GPT-5 jailbreak is not an isolated incident but rather the symptom of a fundamental problem. Although OpenAI has implemented security mechanisms and safeguards following genuine concerns, as seen here, it is clear that gaps remain. Researchers and users have reported hallucinations and other jailbreaks that demonstrate the fragility of these safeguards. An AI that doesn’t « read » between the lines
It’s fascinating to see how high-level AI can be manipulated using such simple techniques. One problem is that an AI, like GPT-5, cannot interpret subtext, unlike a human. While we are able to perceive hidden intentions behind words, the model focuses primarily on the logic and coherence of its responses, which can be exploited to lead it to unexpected conclusions.
When a user interacts with it over multiple conversational turns, it becomes possible to direct it toward responses it would never have delivered in a direct context. This ability to manipulate discourse represents a considerable challenge for the safety of AI models. To learn more about the implications around jailbreaking and why this technique has become a major concern, consult this article on the various issues raised by the use of artificial intelligence:Understand the interest behind jailbreaking artificial intelligence.
To read Agent View débarque sur Claude Code : gérez votre armée d’agents IA d’un seul coup d’œil
