"Imperceptible Jailbreaking Against Large Language Models"
Episode Synopsis
The October 2025 academic paper introduces a novel **imperceptible jailbreaking attack** against Large Language Models (LLMs) that exploits Unicode **variation selectors**, which are invisible characters. Unlike previous jailbreaking methods that rely on visible text modifications, this technique appends invisible variation selectors to malicious questions, visually preserving the original prompt while **altering the LLM's tokenization** to bypass safety alignment. The authors propose a **chain-of-search pipeline** to optimize these adversarial suffixes, achieving high attack success rates against four aligned LLMs and demonstrating generalization to prompt injection attacks. Through analysis of attention scores and embedding differences, the study confirms that the invisible suffixes successfully **redirect the model's focus** away from harmful content to produce unsafe outputs.

Source: https://arxiv.org/pdf/2510.05025
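On the defensive side, an input filter can flag and strip variation selectors before a prompt reaches the model. The sketch below is an added example, not code from the paper or the podcast: the function names are hypothetical, and the policy (keep a single selector that directly follows a letter, digit or symbol; drop runs and selectors with no base) is an assumption chosen so that ordinary emoji and ideographic variation sequences survive.

```python
import unicodedata

# Variation selector blocks defined by Unicode:
# VS1-VS16 (U+FE00..U+FE0F) and VS17-VS256 (U+E0100..U+E01EF).
VS_RANGES = ((0xFE00, 0xFE0F), (0xE0100, 0xE01EF))


def is_vs(ch):
    """True if ch is a Unicode variation selector."""
    return any(lo <= ord(ch) <= hi for lo, hi in VS_RANGES)


def scan_prompt(text):
    """Return (sanitized_text, findings) for one prompt string.

    Assumed policy: a lone selector after a letter/number/symbol base is
    treated as a legitimate variation sequence and kept. Anything else
    (a run of selectors, or a selector with no base) is removed and reported.
    """
    kept, findings, i = [], [], 0
    while i < len(text):
        if not is_vs(text[i]):
            kept.append(text[i])
            i += 1
            continue
        j = i
        while j < len(text) and is_vs(text[j]):  # measure the whole run
            j += 1
        base = text[i - 1] if i > 0 else ""
        has_base = bool(base) and unicodedata.category(base)[0] in "LNS"
        if j - i == 1 and has_base:
            kept.append(text[i])
        else:
            reason = "run" if j - i > 1 else "no-base"
            findings.append({"offset": i, "length": j - i, "reason": reason})
        i = j
    return "".join(kept), findings


# Constructed samples: a benign question with an invisible suffix, and an emoji.
SUFFIXED = "How do I reset my password?" + "\ufe01\U000e0105\ufe0a"
EMOJI = "I \u2764\ufe0f this"
```

Logging the findings rather than silently stripping gives detection teams a signal, since a visually normal prompt that carries a selector run is unusual in ordinary traffic.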