Saved in:
Bibliographic Details
Main Authors: Zhang, Zhaoxin, Chen, Borui, Hu, Yiming, Qu, Youyang, Zhu, Tianqing, Gao, Longxiang
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2511.21718
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866917107430588416
author Zhang, Zhaoxin
Chen, Borui
Hu, Yiming
Qu, Youyang
Zhu, Tianqing
Gao, Longxiang
author_facet Zhang, Zhaoxin
Chen, Borui
Hu, Yiming
Qu, Youyang
Zhu, Tianqing
Gao, Longxiang
contents Recent research on large language model (LLM) jailbreaks has primarily focused on techniques that bypass safety mechanisms to elicit overtly harmful outputs. However, such efforts often overlook attacks that exploit the model's capacity for abstract generalization, creating a critical blind spot in current alignment strategies. This gap enables adversaries to induce objectionable content by subtly manipulating the implicit social values embedded in model outputs. In this paper, we introduce MICM, a novel, model-agnostic jailbreak method that targets the aggregate value structure reflected in LLM responses. Drawing on conceptual morphology theory, MICM encodes specific configurations of nuanced concepts into a fixed prompt template through a predefined set of phrases. These phrases act as conceptual triggers, steering model outputs toward a specific value stance without triggering conventional safety filters. We evaluate MICM across five advanced LLMs, including GPT-4o, Deepseek-R1, and Qwen3-8B. Experimental results show that MICM consistently outperforms state-of-the-art jailbreak techniques, achieving high success rates with minimal rejection. Our findings reveal a critical vulnerability in commercial LLMs: their safety mechanisms remain susceptible to covert manipulation of underlying value alignment.
format Preprint
id arxiv_https___arxiv_org_abs_2511_21718
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle When Harmless Words Harm: A New Threat to LLM Safety via Conceptual Triggers
Zhang, Zhaoxin
Chen, Borui
Hu, Yiming
Qu, Youyang
Zhu, Tianqing
Gao, Longxiang
Computation and Language
Recent research on large language model (LLM) jailbreaks has primarily focused on techniques that bypass safety mechanisms to elicit overtly harmful outputs. However, such efforts often overlook attacks that exploit the model's capacity for abstract generalization, creating a critical blind spot in current alignment strategies. This gap enables adversaries to induce objectionable content by subtly manipulating the implicit social values embedded in model outputs. In this paper, we introduce MICM, a novel, model-agnostic jailbreak method that targets the aggregate value structure reflected in LLM responses. Drawing on conceptual morphology theory, MICM encodes specific configurations of nuanced concepts into a fixed prompt template through a predefined set of phrases. These phrases act as conceptual triggers, steering model outputs toward a specific value stance without triggering conventional safety filters. We evaluate MICM across five advanced LLMs, including GPT-4o, Deepseek-R1, and Qwen3-8B. Experimental results show that MICM consistently outperforms state-of-the-art jailbreak techniques, achieving high success rates with minimal rejection. Our findings reveal a critical vulnerability in commercial LLMs: their safety mechanisms remain susceptible to covert manipulation of underlying value alignment.
title When Harmless Words Harm: A New Threat to LLM Safety via Conceptual Triggers
topic Computation and Language
url https://arxiv.org/abs/2511.21718