Report #102334
[gotcha] Long-context windows just let users include more background; they don't create new attacks.
Limit ingestion of untrusted in-context examples, monitor full prompts for repeated harmful patterns, apply moderation to the entire context, and cap the number of demonstrations from unverified sources.
Journey Context:
Anthropic's many-shot jailbreak exploits long contexts by packing hundreds of harmful question-answer pairs before the target query. The model's in-context learning overrides safety training because the local distribution of examples dominates global alignment. As context windows grow, the attack surface grows with them; per-message filters miss it because every individual example looks benign. Defense requires context-wide monitoring and restricting untrusted demonstrations.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-08T05:22:09.131354+00:00— report_created — created