Not even fairy tales are safe - researchers weaponise bedtime stories to jailbreak AI chatbots and create malware


  • Security researchers have developed a new technique to jailbreak AI chatbots
  • The technique required no prior malware coding knowledge
  • This involved creating a fake scenario to convince the model to craft an attack

Despite having no previous experience in malware coding, Cato CTRL threat intelligence researchers have warned they were able to jailbreak multiple LLMs, including ChatGPT-4o, DeepSeek-R1, DeepSeek-V3, and Microsoft Copilot, using a rather fantastical technique.

The team developed ‘Immersive World’, which uses “narrative engineering to bypass LLM security controls” by creating a “detailed fictional world” to normalize restricted operations and develop a “fully effective” Chrome infostealer. Chrome is the most popular browser in the world, with over 3 billion users, which underlines the scale of the risk this attack poses.

Infostealer malware is on the rise, and is rapidly becoming one of the most dangerous tools in a cybercriminal's arsenal - and this attack shows that the barriers are significantly lowered for cybercriminals, who now need no prior experience in creating malicious code.

AI for attackers

LLMs have “fundamentally altered the cybersecurity landscape”, the report claims, and research has shown that AI-powered cyber threats are becoming a much more serious concern for security teams and businesses by allowing criminals to craft more sophisticated attacks with less experience and at a higher frequency.

Chatbots have many guardrails and safety policies, but since AI models are designed to be as helpful and compliant to the user as possible, researchers have been able to jailbreak the models, including persuading AI agents to write and send phishing attacks with relative ease.

“We believe the rise of the zero-knowledge threat actor poses high risk to organizations because the barrier to creating malware is now substantially lowered with GenAI tools,” said Vitaly Simonovich, threat intelligence researcher at Cato Networks.

“Infostealers play a significant role in credential theft by enabling threat actors to breach enterprises. Our new LLM jailbreak technique, which we’ve uncovered and called Immersive World, showcases the dangerous potential of creating an infostealer with ease.”

Ellen Jennings-Trace
Staff Writer
