This paper identifies and systematically models a novel class of adversarial attacks—Infinite-Meaning Manipulation (IMM) attacks—that exploit large language models’ (LLMs) strong semantic generalization and encoding comprehension capabilities to bypass safety guardrails via semantically equivalent paraphrasing or lightweight encodings (e.g., Base64/ROT13 variants), inducing violations in models including GPT-4, Claude-3, and Llama-3. Method: We introduce the first formal framework for IMM attacks and propose two scalable defense mechanisms: (1) a bijective token-space transformation enabling controllable input mapping, and (2) embedding-space consistency verification coupled with encoding protocol detection. Contribution/Results: Our analysis reveals that enhanced model capabilities may inadvertently exacerbate security risks. Experiments demonstrate that the proposed defenses significantly improve robustness against IMM attacks across diverse LLMs, establishing a new paradigm for LLM safety mitigation.

We discuss the"Infinitely Many Meanings"attacks (IMM), a category of jailbreaks that leverages the increasing capabilities of a model to handle paraphrases and encoded communications to bypass their defensive mechanisms. IMMs' viability pairs and grows with a model's capabilities to handle and bind the semantics of simple mappings between tokens and work extremely well in practice, posing a concrete threat to the users of the most powerful LLMs in commerce. We show how one can bypass the safeguards of the most powerful open- and closed-source LLMs and generate content that explicitly violates their safety policies. One can protect against IMMs by improving the guardrails and making them scale with the LLMs' capabilities. For two categories of attacks that are straightforward to implement, i.e., bijection and encoding, we discuss two defensive strategies, one in token and the other in embedding space. We conclude with some research questions we believe should be prioritised to enhance the defensive mechanisms of LLMs and our understanding of their safety.