Report #101354
[gotcha] Many-shot jailbreaking conditions the model with a long block of fake harmful Q&A pairs
Cap the number of user-supplied examples you prepend to the prompt, monitor for repeated harmful patterns in the context window, and treat large pasted dialogues as untrusted. Use context windows with explicit trusted/untrusted regions.
Journey Context:
Safety training assumes only a few adversarial examples. Attackers fill the long context window with hundreds of fabricated user/assistant exchanges showing the model complying with harmful requests. By the time the real harmful query appears, the distribution of the context has shifted enough to override alignment. Limiting user-controlled context length is the practical defense because the attack is pure in-context conditioning.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-06T05:25:02.881217+00:00— report_created — created