{"id":"https://openalex.org/W7139061547","doi":"https://doi.org/10.48550/arxiv.2603.16192","title":"Structured Semantic Cloaking for Jailbreak Attacks on Large Language Models","display_name":"Structured Semantic Cloaking for Jailbreak Attacks on Large Language Models","publication_year":2026,"publication_date":"2026-03-17","ids":{"openalex":"https://openalex.org/W7139061547","doi":"https://doi.org/10.48550/arxiv.2603.16192"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2603.16192","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.16192","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2603.16192","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5130177930","display_name":"Xiaobing Sun","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Sun, Xiaobing","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002258189","display_name":"Perry Lam","orcid":"https://orcid.org/0000-0001-9607-0756"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Lam, Perry","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5129872718","display_name":"Shaohua Li","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Li, Shaohua","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102919523","display_name":"Zizhou Wang","orcid":"https://orcid.org/0000-0003-2234-9409"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Zizhou","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001599295","display_name":"Rick Siow Mong Goh","orcid":"https://orcid.org/0000-0001-9116-1595"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Goh, Rick Siow Mong","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5129871700","display_name":"Yong Liu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liu, Yong","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5086517854","display_name":"Liangli Zhen","orcid":"https://orcid.org/0000-0003-0481-3298"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhen, Liangli","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5130177930"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.8356000185012817,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.8356000185012817,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.04280000180006027,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10028","display_name":"Topic Modeling","score":0.025699999183416367,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.6360999941825867},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.6068000197410583},{"id":"https://openalex.org/keywords/embedding","display_name":"Embedding","score":0.4546000063419342},{"id":"https://openalex.org/keywords/cloaking","display_name":"Cloaking","score":0.4205000102519989},{"id":"https://openalex.org/keywords/semantics","display_name":"Semantics (computer science)","score":0.41110000014305115},{"id":"https://openalex.org/keywords/rendering","display_name":"Rendering (computer graphics)","score":0.3560999929904938},{"id":"https://openalex.org/keywords/disjoint-sets","display_name":"Disjoint sets","score":0.3422999978065491},{"id":"https://openalex.org/keywords/notice","display_name":"Notice","score":0.3116999864578247},{"id":"https://openalex.org/keywords/invisibility","display_name":"Invisibility","score":0.3109999895095825}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7822999954223633},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.6360999941825867},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.6068000197410583},{"id":"https://openalex.org/C41608201","wikidata":"https://www.wikidata.org/wiki/Q980509","display_name":"Embedding","level":2,"score":0.4546000063419342},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4381999969482422},{"id":"https://openalex.org/C62973154","wikidata":"https://www.wikidata.org/wiki/Q868018","display_name":"Cloaking","level":3,"score":0.4205000102519989},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.41110000014305115},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.40149998664855957},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3659999966621399},{"id":"https://openalex.org/C205711294","wikidata":"https://www.wikidata.org/wiki/Q176953","display_name":"Rendering (computer graphics)","level":2,"score":0.3560999929904938},{"id":"https://openalex.org/C45340560","wikidata":"https://www.wikidata.org/wiki/Q215382","display_name":"Disjoint sets","level":2,"score":0.3422999978065491},{"id":"https://openalex.org/C2779913896","wikidata":"https://www.wikidata.org/wiki/Q7063001","display_name":"Notice","level":2,"score":0.3116999864578247},{"id":"https://openalex.org/C50962388","wikidata":"https://www.wikidata.org/wiki/Q762018","display_name":"Invisibility","level":2,"score":0.3109999895095825},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.3100999891757965},{"id":"https://openalex.org/C137293760","wikidata":"https://www.wikidata.org/wiki/Q3621696","display_name":"Language model","level":2,"score":0.30809998512268066},{"id":"https://openalex.org/C204806902","wikidata":"https://www.wikidata.org/wiki/Q2333581","display_name":"Semantic security","level":5,"score":0.30480000376701355},{"id":"https://openalex.org/C2778493491","wikidata":"https://www.wikidata.org/wiki/Q7449072","display_name":"Semantic matching","level":3,"score":0.30230000615119934},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.30059999227523804},{"id":"https://openalex.org/C150817343","wikidata":"https://www.wikidata.org/wiki/Q875932","display_name":"Digital watermarking","level":3,"score":0.29429998993873596},{"id":"https://openalex.org/C2779696439","wikidata":"https://www.wikidata.org/wiki/Q7512811","display_name":"Signature (topology)","level":2,"score":0.2919999957084656},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.2854999899864197},{"id":"https://openalex.org/C511149849","wikidata":"https://www.wikidata.org/wiki/Q7449051","display_name":"Semantic computing","level":3,"score":0.2759999930858612},{"id":"https://openalex.org/C49937458","wikidata":"https://www.wikidata.org/wiki/Q2599292","display_name":"Probabilistic logic","level":2,"score":0.27250000834465027},{"id":"https://openalex.org/C165064840","wikidata":"https://www.wikidata.org/wiki/Q1321061","display_name":"Matching (statistics)","level":2,"score":0.26910001039505005},{"id":"https://openalex.org/C90312973","wikidata":"https://www.wikidata.org/wiki/Q7449052","display_name":"Semantic data model","level":2,"score":0.26429998874664307},{"id":"https://openalex.org/C177148314","wikidata":"https://www.wikidata.org/wiki/Q170084","display_name":"Generalization","level":2,"score":0.25940001010894775},{"id":"https://openalex.org/C167966045","wikidata":"https://www.wikidata.org/wiki/Q5532625","display_name":"Generative model","level":3,"score":0.2567000091075897},{"id":"https://openalex.org/C186644900","wikidata":"https://www.wikidata.org/wiki/Q194152","display_name":"Parsing","level":2,"score":0.2547000050544739},{"id":"https://openalex.org/C2779231336","wikidata":"https://www.wikidata.org/wiki/Q7534724","display_name":"Sketch","level":2,"score":0.25270000100135803}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2603.16192","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.16192","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2603.16192","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.16192","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.6735917925834656}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Modern":[0],"LLMs":[1,179],"employ":[2],"safety":[3,148],"mechanisms":[4],"that":[5,50,69,136,150],"extend":[6],"beyond":[7],"surface-level":[8,33],"input":[9,237],"filtering":[10],"to":[11,20,102],"latent":[12,82],"semantic":[13,54,66,114,130,144],"representations":[14],"and":[15,27,30,64,76,123,142,177,182,193,227],"generation-time":[16],"reasoning,":[17],"enabling":[18],"them":[19],"recover":[21],"obfuscated":[22],"malicious":[23,53,157],"intent":[24,55,71,158],"during":[25,58],"inference":[26,75],"refuse":[28],"accordingly,":[29],"rendering":[31],"many":[32],"obfuscation":[34,235],"jailbreak":[35,47,240],"attacks":[36],"ineffective.":[37],"We":[38,171,215],"propose":[39],"Structured":[40],"Semantic":[41],"Cloaking":[42],"(S2C),":[43],"a":[44,98],"novel":[45],"multi-dimensional":[46],"attack":[48],"framework":[49,85],"manipulates":[51],"how":[52],"is":[56],"reconstructed":[57,156],"model":[59,105],"inference.":[60],"S2C":[61,146,173,201],"strategically":[62],"distributes":[63],"reshapes":[65],"cues":[67,131],"such":[68],"full":[70],"consolidation":[72],"requires":[73],"multi-step":[74],"long-range":[77],"co-reference":[78],"resolution":[79],"within":[80,97],"deeper":[81],"representations.":[83],"The":[84],"comprises":[86],"three":[87],"complementary":[88],"mechanisms:":[89],"(1)":[90],"Contextual":[91],"Reframing,":[92],"which":[93,111,127,218],"embeds":[94],"the":[95,104,113,117,197,208,229,232],"request":[96,118],"plausible":[99],"high-stakes":[100],"scenario":[101],"bias":[103],"toward":[106],"compliance;":[107],"(2)":[108],"Content":[109],"Fragmentation,":[110],"disperses":[112],"signature":[115],"of":[116,225,234],"across":[119,174],"disjoint":[120],"prompt":[121],"segments;":[122],"(3)":[124],"Clue-Guided":[125],"Camouflage,":[126],"disguises":[128],"residual":[129],"while":[132,162],"embedding":[133],"recoverable":[134],"markers":[135],"guide":[137],"output":[138,169],"generation.":[139,170],"By":[140],"delaying":[141],"restructuring":[143],"consolidation,":[145],"degrades":[147],"triggers":[149],"depend":[151],"on":[152,205,213,239],"coherent":[153],"or":[154],"explicitly":[155],"at":[159],"decoding":[160],"time,":[161],"preserving":[163],"sufficient":[164],"instruction":[165],"recoverability":[166,238],"for":[167],"functional":[168],"evaluate":[172],"multiple":[175],"open-source":[176],"proprietary":[178],"using":[180],"HarmBench":[181],"JBB-Behaviors,":[183],"where":[184],"it":[185],"improves":[186],"Attack":[187],"Success":[188],"Rate":[189],"(ASR)":[190],"by":[191,211],"12.4%":[192],"9.7%,":[194],"respectively,":[195],"over":[196],"current":[198],"SOTA.":[199],"Notably,":[200],"achieves":[202],"substantial":[203],"gains":[204],"GPT-5-mini,":[206],"outperforming":[207],"strongest":[209],"baseline":[210],"26%":[212],"JBB-Behaviors.":[214],"also":[216],"analyse":[217],"combinations":[219],"perform":[220],"best":[221],"against":[222],"broad":[223],"families":[224],"models,":[226],"characterise":[228],"trade-off":[230],"between":[231],"extent":[233],"versus":[236],"success.":[241]},"counts_by_year":[],"updated_date":"2026-05-05T08:41:31.759640","created_date":"2026-03-20T00:00:00"}