base32-encodingpacks the harmful request into Base32 text so it looks like random letters.caesar-shiftshifts every letter by a fixed amount, a classic simple cipher.invisible-charactersslips hidden Unicode characters between letters to fool the filter.morse-codewrites the request in dots and dashes for the model to decode.unicode-tag-smugglinguses special tag characters that humans cannot see but the model still reads.homoglyph-substitutionswaps normal letters for lookalike characters from other alphabets.
Attack Strategies
Encoding: Attack Strategy
Attacks that hide a banned request inside a code, cipher, or odd format. The AI decodes it, then answers, skipping the safety check it would normally do on
What it is: Attacks that hide a banned request inside a code, cipher, or odd format. The AI decodes it, then answers, skipping the safety check it would normally do on plain text.
How the attacks work: The harmful words are disguised so the safety filter does not recognize them. The attacker might use Base64, Morse code, hidden characters, or a simple letter shift. The AI reads past the disguise, understands the real request, and replies. The filter saw gibberish, but the model saw the real meaning.
Real examples from the framework: