This work investigates the fragility of large language models (LLMs) in adhering to formal logical constraints—specifically, propositional Horn logic rules—under adversarial prompting. We propose the first theoretical framework that formally models rule-following as Horn logic inference, enabling provably sound analysis of LLM compliance and jailbreak attacks. Our method combines empirical attention mechanism analysis with a novel adversarial prompt generation algorithm grounded in the theoretical model. Experiments confirm that mainstream jailbreaking techniques induce the theoretically predicted attentional biases, which consistently manifest as interpretable, reproducible violations of logical rules across both logical reasoning and jailbreak benchmarks. Key contributions include: (1) the first formally verifiable, logic-based theory of rule-following for LLMs; and (2) a constructive proof that even small Transformer models capable of faithful rule execution remain vulnerable to targeted, theoretically grounded attacks.

We study how to subvert large language models (LLMs) from following prompt-specified rules. We first formalize rule-following as inference in propositional Horn logic, a mathematical system in which rules have the form"if $P$ and $Q$, then $R$"for some propositions $P$, $Q$, and $R$. Next, we prove that although small transformers can faithfully follow such rules, maliciously crafted prompts can still mislead both theoretical constructions and models learned from data. Furthermore, we demonstrate that popular attack algorithms on LLMs find adversarial prompts and induce attention patterns that align with our theory. Our novel logic-based framework provides a foundation for studying LLMs in rule-based settings, enabling a formal analysis of tasks like logical reasoning and jailbreak attacks.