detector-evasionshapes the output so automated content detectors do not flag it.watermark-removalproduces text without the hidden marks that show it came from an AI.encoding-outputreturns the answer in an encoded form so plain-text scanners miss it.style-mimicrycopies a known author or source style to make harmful text look legitimate.safety-label-strippingremoves the warnings or disclaimers that would normally tag risky content.
Attack Strategies
Output Manipulation: Attack Strategy
Attacks that shape how the AI formats or labels its answer so harmful content slips past detectors. The bad content is real, but it is dressed up to look s
What it is: Attacks that shape how the AI formats or labels its answer so harmful content slips past detectors. The bad content is real, but it is dressed up to look safe.
How the attacks work: The attacker asks the AI to change the wrapping, not the substance. Strip the warning labels, encode the text, copy a trusted writing style, or split the output so filters do not catch it. The harmful payload still gets through, just disguised.
Real examples from the framework: