PulseAugur
EN
LIVE 09:57:44

New 'Trojan Horse Prompting' attack exploits AI conversational history

A research paper, titled "Trojan Horse Prompting: Jailbreaking Conversational Multimodal Models by Forging Assistant Message," introduced a new security vulnerability in conversational AI models. This technique involves injecting malicious payloads into a model's own past messages within the dialogue history, which the model then trusts and acts upon. The paper demonstrated that this method, which exploits an "Asymmetric Safety Alignment" where models are more cautious of user prompts than their own purported history, achieved a high attack success rate on Google's Gemini-2.0-flash-preview-image-generation. The authors suggest this necessitates a shift towards validating conversational context integrity at a protocol level rather than just filtering user inputs. However, the paper has since been withdrawn by its author, Wei Duan. AI

IMPACT This research highlights a critical security flaw in conversational AI, potentially impacting the safety and reliability of future multimodal models.

RANK_REASON Research paper detailing a novel AI security vulnerability. [lever_c_demoted from research: ic=1 ai=1.0]

Read on arXiv cs.AI →

AI-generated summary · Google Gemini · from 1 sources. How we write summaries →

New 'Trojan Horse Prompting' attack exploits AI conversational history

COVERAGE [1]

  1. arXiv cs.AI TIER_1 English(EN) · Wei Duan, Li Qian ·

    Trojan Horse Prompting: Jailbreaking Conversational Multimodal Models by Forging Assistant Message

    arXiv:2507.04673v2 Announce Type: replace Abstract: The rise of conversational interfaces has greatly enhanced LLM usability by leveraging dialogue history for sophisticated reasoning. However, this reliance introduces an unexplored attack surface. This paper introduces Trojan Ho…