[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-a-new-attack-flips-ai-safety-filters-across-models":10,"sections":34},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":22,"persona_id":22,"persona_name":22,"section":24,"tags":25,"sources":29,"feedback":33,"feedback_at":22,"cost_usd":33,"total_tokens":33},2949,"a-new-attack-flips-ai-safety-filters-across-models","A New Attack Flips AI Safety Filters Across Models","Researchers found that targeting high-entropy decision tokens can bypass safety guardrails in vision-language models and transfer across architectures.","A new jailbreak technique exploits a subtle quirk in how AI safety filters make decisions — and it works across models the attack was never trained on.\n\nResearchers studying vision-language models (VLMs) — AI systems that process both images and text — noticed that refusal behavior clusters around specific \"high-entropy\" moments during text generation, where the model is most uncertain about what to say next. Their method, called UJEM-KL, pushes entropy higher at exactly those decision points, nudging the model away from refusal without forcing a specific harmful output. Tested across three VLMs and two safety benchmarks, it achieved competitive attack success rates even against representative defenses, and — crucially — transferred to models it wasn't explicitly optimized for.\n\nThat last part matters most. Prior research had largely concluded that image-based jailbreaks were too model-specific to pose a broad threat. This work challenges that assumption by changing the optimization target: instead of steering toward a fixed harmful prefix, it simply destabilizes the refusal decision itself. If the finding holds up, it suggests the safety community has been measuring transferability under conditions that made attacks look weaker than they are.\n\nVLMs are increasingly embedded in products — coding assistants, document analyzers, customer-facing chatbots — so a transferable, lightweight jailbreak is not an academic footnote. The paper's own framing is measured, but the implication is clear: tightening the optimization objective was masking a real vulnerability, not solving one.","[\"ai\",\"security\",\"vision-language models\",\"jailbreak\"]","2026-06-30T04:00:00.000Z","2026-06-30T15:36:16.128Z","2026-06-30T15:36:19.022Z","published",null,[],"security",[26,24,27,28],"ai","vision-language models","jailbreak",[30],{"name":31,"url":32},"arXiv cs.AI","https:\u002F\u002Farxiv.org\u002Fabs\u002F2605.10764",0,{"sections":35},[36,40,44,49,54,59,64,69,74,79,84,88,93,98],{"name":37,"slug":26,"count":38,"latest_published_at":39},"AI",2590,"2026-07-16T04:00:00.000Z",{"name":41,"slug":24,"count":42,"latest_published_at":43},"Security",294,"2026-07-15T19:59:48.000Z",{"name":45,"slug":46,"count":47,"latest_published_at":48},"Deals","deals",179,"2026-06-29T20:02:07.000Z",{"name":50,"slug":51,"count":52,"latest_published_at":53},"Policy","policy",158,"2026-07-16T00:02:48.000Z",{"name":55,"slug":56,"count":57,"latest_published_at":58},"Hardware","hardware",122,"2026-07-14T19:46:26.000Z",{"name":60,"slug":61,"count":62,"latest_published_at":63},"Consumer Tech","consumer-tech",93,"2026-07-13T13:20:48.000Z",{"name":65,"slug":66,"count":67,"latest_published_at":68},"Software","software",70,"2026-07-13T19:52:25.000Z",{"name":70,"slug":71,"count":72,"latest_published_at":73},"Science","science",66,"2026-07-10T10:29:37.000Z",{"name":75,"slug":76,"count":77,"latest_published_at":78},"Dev Tools","dev-tools",59,"2026-07-07T04:00:00.000Z",{"name":80,"slug":81,"count":82,"latest_published_at":83},"Gaming","gaming",41,"2026-07-09T04:00:00.000Z",{"name":85,"slug":86,"count":82,"latest_published_at":87},"Startups","startups","2026-06-29T20:55:50.000Z",{"name":89,"slug":90,"count":91,"latest_published_at":92},"General","general",29,"2026-07-10T22:28:58.000Z",{"name":94,"slug":95,"count":96,"latest_published_at":97},"Reviews","reviews",20,"2026-06-24T12:00:01.000Z",{"name":99,"slug":100,"count":101,"latest_published_at":102},"How-To","how-to",6,"2026-06-16T09:00:00.000Z"]