: A study published in Nature Communications (March 2026) found that persuasion and social framing techniques achieved mean jailbreak success rates of 88.1% across GPT-4o, DeepSeek-V3, and Gemini 2.5 Flash . While the original DAN prompt has been largely patched in frontier models, current successful variants employ softer framing without explicit jailbreak vocabulary, translation into languages where safety training is less robust, and encoding techniques like Base64 to survive input classifiers.
Perhaps the most striking jailbreak method affecting Gemini is a technique known as "sockpuppeting," which exploits a legitimate API feature called assistant prefill. This attack injects a compliant-sounding acceptance prefix — such as "Sure, here is how to do it" — directly into the assistant role of a conversation thread. Because large language models are fundamentally trained to maintain self-consistency, once they have "agreed" to comply, they continue generating harmful content rather than triggering their standard safety mechanisms. jailbreak gemini
What specific are you researching? (e.g., cybersecurity, creative writing, academic research) : A study published in Nature Communications (March