What it is: These attacks trick the AI by playing on trust, authority, and emotion instead of hacking it. The goal is to talk the model into helping with deception. How the attacks work: The attacker builds a believable story. They pretend to be a boss, an expert, or a person in distress, then use that pretext to get the model to write a scam, a phishing message, or a manipulative script. Real examples from the framework:
  • spear-phishing-generation asks for a tailored fake message aimed at one specific victim.
  • authority-impersonation claims to be a manager or official to pressure the model into helping.
  • pretexting builds a fake backstory across turns to lower the model’s guard.
  • emotional-manipulation uses guilt or urgency to push the model past its limits.
  • role-play-bypass frames the harmful request as a game or character to make it feel safe.
Why an AI might fall for it: The model is trained to be cooperative and to respect authority and feelings. A warm or official tone can make a harmful request feel normal and reasonable. How to defend: Judge the request by what it does, not by who claims to be asking. Stay firm even under emotional or authority pressure. Refuse to write phishing, impersonation, or scam content regardless of the framing.