regulatory-bypassasking the AI how to get around regulatory requirements or hide an activity from oversight bodies.
Attack Strategies
Regulatory Evasion: Attack Strategy
This attack tries to get the AI to help a person or business break the rules that regulators set, then hide it. The goal is advice on dodging oversight, au
What it is: This attack tries to get the AI to help a person or business break the rules that regulators set, then hide it. The goal is advice on dodging oversight, audits, or legal reporting requirements.
How the attacks work: The attacker asks for help with something that crosses a legal or compliance line, but frames it as a normal business question. They want the AI to explain how to skip a required filing, hide an activity from auditors, or structure something so a regulator will not notice. The harm is helping someone evade the law while looking legitimate.
Real examples from the framework: