Automating Deception: Scalable Multi-Turn LLM Jailbreaks (arxiv.org)

Researchers have developed an automated pipeline to create large-scale, multi-turn conversational datasets aimed at testing and potentially exploiting vulnerabilities in Large Language Models (LLMs). Leveraging psychological principles, particularly the Foot-in-the-Door (FITD) technique, this approach allows attackers to bypass security measures in a systematic and scalable manner. The study benchmarks 1,500 scenarios involving illegal activities and offensive content across seven prominent LLMs. Results show that models from the GPT family are particularly susceptible to these multi-turn attacks, revealing a 32 percentage point increase in attack success rates when previous conversational context is available. This development is significant for the AI/ML community as it exposes critical weaknesses in existing safety mechanisms and emphasizes the need for more robust defenses against narrative-based manipulations. Notably, Google's Gemini 2.5 Flash demonstrated remarkable resilience to these attacks, suggesting that architectural differences play a crucial role in a model's vulnerability. The findings underline the importance of improving defensive strategies to adapt to psychologically motivated adversarial techniques and enhance the overall security of LLMs against evolving threats.