GPT-5 multi-turn jailbreak via Echo Chamber and Storytelling
Technical Analysis
Summary
Hide ▲
Show ▼
Researchers demonstrated a multi-turn jailbreak against GPT-5 that bypassed safety filters and elicited harmful procedural output, showing how black-box conversations can be poisoned across turns. The attack combined Echo Chamber with Storytelling to seed a benign-sounding narrative, preserve continuity, and avoid explicit unsafe wording. The same pattern was reported to affect OpenAI's GPT, Google's Gemini, and Grok-4, widening the exposure beyond a single model.
Related Happenings
OpenAI ChatGPT indirect prompt injection vulnerabilities GPT-4o/GPT-5 security flaw
Vulnerability
First: 05.11.2025 16:04
Last: 05.11.2025 16:04
Sources 1
About this happening:
**OpenAI's ChatGPT** has a newly disclosed set of **indirect prompt injection** flaws in **GPT-4o and GPT-5** that could let an attacker steal data from **users' memories and chat...
OpenAI ChatGPT indirect prompt injection vulnerabilities GPT-4o/GPT-5 security flaw
VulnerabilityAbout this happening: **OpenAI's ChatGPT** has a newly disclosed set of **indirect prompt injection** flaws in **GPT-4o and GPT-5** that could let an attacker steal data from **users' memories and chat...
Timeline
-
11.08.2025 19:46 1 articles · 9mo ago
NeuralTrust reports GPT-5 jailbreak via Echo Chamber and Storytelling
Technical Analysis UpdateNeuralTrust reported that security researchers jailbreaked GPT-5 using a context-poisoning method called Echo Chamber and Storytelling, combining a subtly poisonous multi-turn context with low-salience narrative framing to elicit harmful procedural output such as directions for a Molotov cocktail. The researchers said the same black-box attack flow also applied to previous versions of OpenAI's GPT, Google's Gemini, and Grok-4, and that the technique exposed a weakness in safety systems that screen prompts in isolation.
Show sources
- Echo Chamber, Prompts Used to Jailbreak GPT-5 in 24 Hours — www.darkreading.com — 11.08.2025 19:46