Adversarial versification in portuguese as a jailbreak operator in LLMs

Recent evidence shows that the versification of prompts constitutes a highly effective adversarial mechanism against aligned LLMs. The study 'Adversarial poetry as a universal single-turn jailbreak mechanism in large language models' demonstrates that instructions routinely refused in prose become executable when rewritten as verse, producing up to 18 x more safety failures in benchmarks derived from MLCommons AILuminate. Manually written poems reach approximately 62% ASR, and automated versions 43%, with some models surpassing 90% success in single-turn interactions. The effect is structural: systems trained with RLHF, constitutional AI, and hybrid pipelines exhibit consistent degradation under minimal semiotic formal variation. Versification displaces the prompt into sparsely supervised latent regions, revealing guardrails that are excessively dependent on surface patterns. This dissociation between apparent robustness and real vulnerability exposes deep limitations in current alignment regimes. The absence of evaluations in Portuguese, a language with high morphosyntactic complexity, a rich metric-prosodic tradition, and over 250 million speakers, constitutes a critical gap. Experimental protocols must parameterise scansion, metre, and prosodic variation to test vulnerabilities specific to Lusophone patterns, which are currently ignored.

Key Contributions

• Identifies poetic versification as a structural jailbreak operator that exploits sparsely supervised latent regions in aligned LLMs
• Demonstrates up to 18x increase in safety failures and ~62% ASR with manually written verse, >90% for some models in single-turn settings
• Proposes extending adversarial versification research to Portuguese, targeting morphosyntactic and prosodic properties unexplored in prior safety evaluations

🛡️ Threat Analysis

Details

Similar Papers