Summary: Microsoft researchers have introduced a new jailbreak method called Context Compliance Attack (CCA) that effectively circumvents safety mechanisms in many AI systems by manipulating conversation history. The method exposes a critical vulnerability present in various generative AI models, allowing them to produce restricted outputs without direct prompt manipulation. Testing revealed that most leading AI systems are vulnerable to this technique, except for Llama-2.
Affected: Generative AI systems (e.g., Claude, DeepSeek, Gemini, GPT models, Llama, Phi, Yi)
Keypoints :
- The Context Compliance Attack (CCA) exploits architectural vulnerabilities in AI systems by manipulating conversation history to trigger restricted behaviors.
- Researchers tested CCA on multiple leading AI models, finding that only Llama-2 remained unaffected.
- Proposed mitigations include server-side conversation history maintenance and the use of digital signatures to ensure context integrity.
Source: https://www.securityweek.com/new-cca-jailbreak-method-works-against-most-ai-models/