From Adversarial Poetry to Adversarial Tales: An Interpretability Research Agenda

Safety mechanisms in LLMs remain vulnerable to attacks that reframe harmful requests through culturally coded structures. We introduce Adversarial Tales, a jailbreak technique that embeds harmful content within cyberpunk narratives and prompts models to perform functional analysis inspired by Vladimir Propp's morphology of folktales. By casting the task as structural decomposition, the attack induces models to reconstruct harmful procedures as legitimate narrative interpretation. Across 26 frontier models from nine providers, we observe an average attack success rate of 71.3%, with no model family proving reliably robust. Together with our prior work on Adversarial Poetry, these findings suggest that structurally-grounded jailbreaks constitute a broad vulnerability class rather than isolated techniques. The space of culturally coded frames that can mediate harmful intent is vast, likely inexhaustible by pattern-matching defenses alone. Understanding why these attacks succeed is therefore essential: we outline a mechanistic interpretability research agenda to investigate how narrative cues reshape model representations and whether models can learn to recognize harmful intent independently of surface form.

Key Contributions

• Introduces Adversarial Tales, a single-turn jailbreak that embeds harmful procedures within cyberpunk narratives and exploits Proppian structural analysis framing to elicit harmful outputs from LLMs
• Demonstrates 71.3% average attack success rate across 26 frontier models from 9 providers with no model family proving reliably robust (range: 35%–94%)
• Proposes a mechanistic interpretability research agenda to explain why narrative and structural cues systematically weaken safety constraints, framing structurally-grounded jailbreaks as a broad vulnerability class

🛡️ Threat Analysis

Details

Similar Papers