{"id":"https://openalex.org/W7154398717","doi":"https://doi.org/10.48550/arxiv.2604.10326","title":"Jailbreaking the Matrix: Nullspace Steering for Controlled Model Subversion","display_name":"Jailbreaking the Matrix: Nullspace Steering for Controlled Model Subversion","publication_year":2026,"publication_date":"2026-04-11","ids":{"openalex":"https://openalex.org/W7154398717","doi":"https://doi.org/10.48550/arxiv.2604.10326"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2604.10326","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.10326","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2604.10326","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5077294073","display_name":"Vishal Pramanik","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Pramanik, Vishal","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133575956","display_name":"Maisha Maliha","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Maliha, Maisha","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5108145901","display_name":"Susmit Jha","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jha, Susmit","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5072303405","display_name":"S. K. Jha","orcid":"https://orcid.org/0000-0003-4853-6085"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jha, Sumit Kumar","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5077294073"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9344000220298767,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9344000220298767,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.02160000056028366,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10028","display_name":"Topic Modeling","score":0.006300000008195639,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.5863999724388123},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.5802000164985657},{"id":"https://openalex.org/keywords/norm","display_name":"Norm (philosophy)","score":0.47119998931884766},{"id":"https://openalex.org/keywords/decoding-methods","display_name":"Decoding methods","score":0.45320001244544983},{"id":"https://openalex.org/keywords/residual","display_name":"Residual","score":0.40849998593330383},{"id":"https://openalex.org/keywords/psychological-intervention","display_name":"Psychological intervention","score":0.3476000130176544},{"id":"https://openalex.org/keywords/causal-model","display_name":"Causal model","score":0.3434999883174896},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.34150001406669617},{"id":"https://openalex.org/keywords/perturbation","display_name":"Perturbation (astronomy)","score":0.3190000057220459}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.600600004196167},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.5863999724388123},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.5802000164985657},{"id":"https://openalex.org/C191795146","wikidata":"https://www.wikidata.org/wiki/Q3878446","display_name":"Norm (philosophy)","level":2,"score":0.47119998931884766},{"id":"https://openalex.org/C57273362","wikidata":"https://www.wikidata.org/wiki/Q576722","display_name":"Decoding methods","level":2,"score":0.45320001244544983},{"id":"https://openalex.org/C155512373","wikidata":"https://www.wikidata.org/wiki/Q287450","display_name":"Residual","level":2,"score":0.40849998593330383},{"id":"https://openalex.org/C27415008","wikidata":"https://www.wikidata.org/wiki/Q7256382","display_name":"Psychological intervention","level":2,"score":0.3476000130176544},{"id":"https://openalex.org/C11671645","wikidata":"https://www.wikidata.org/wiki/Q5054567","display_name":"Causal model","level":2,"score":0.3434999883174896},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.34150001406669617},{"id":"https://openalex.org/C177918212","wikidata":"https://www.wikidata.org/wiki/Q803623","display_name":"Perturbation (astronomy)","level":2,"score":0.3190000057220459},{"id":"https://openalex.org/C77618280","wikidata":"https://www.wikidata.org/wiki/Q1155772","display_name":"Scheme (mathematics)","level":2,"score":0.30480000376701355},{"id":"https://openalex.org/C112313634","wikidata":"https://www.wikidata.org/wiki/Q7886648","display_name":"Complement (music)","level":5,"score":0.3043999969959259},{"id":"https://openalex.org/C158600405","wikidata":"https://www.wikidata.org/wiki/Q5054566","display_name":"Causal inference","level":2,"score":0.2946999967098236},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.2946000099182129},{"id":"https://openalex.org/C137293760","wikidata":"https://www.wikidata.org/wiki/Q3621696","display_name":"Language model","level":2,"score":0.29420000314712524},{"id":"https://openalex.org/C13662910","wikidata":"https://www.wikidata.org/wiki/Q193139","display_name":"Trajectory","level":2,"score":0.289900004863739},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.28780001401901245},{"id":"https://openalex.org/C526921623","wikidata":"https://www.wikidata.org/wiki/Q190117","display_name":"Automotive industry","level":2,"score":0.2851000130176544},{"id":"https://openalex.org/C2780513914","wikidata":"https://www.wikidata.org/wiki/Q18210350","display_name":"Bottleneck","level":2,"score":0.2759999930858612},{"id":"https://openalex.org/C47446073","wikidata":"https://www.wikidata.org/wiki/Q5165890","display_name":"Control theory (sociology)","level":3,"score":0.2712000012397766},{"id":"https://openalex.org/C127759330","wikidata":"https://www.wikidata.org/wiki/Q637416","display_name":"Codebook","level":2,"score":0.26750001311302185},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.2669000029563904},{"id":"https://openalex.org/C2780791683","wikidata":"https://www.wikidata.org/wiki/Q846785","display_name":"Action (physics)","level":2,"score":0.2653999924659729},{"id":"https://openalex.org/C90509273","wikidata":"https://www.wikidata.org/wiki/Q11012","display_name":"Robot","level":2,"score":0.2612000107765198},{"id":"https://openalex.org/C127729010","wikidata":"https://www.wikidata.org/wiki/Q60165","display_name":"Dynamic inconsistency","level":2,"score":0.2596000134944916},{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.25859999656677246},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.25699999928474426},{"id":"https://openalex.org/C2780665704","wikidata":"https://www.wikidata.org/wiki/Q959298","display_name":"Intervention (counseling)","level":2,"score":0.2535000145435333}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2604.10326","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.10326","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2604.10326","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.10326","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.7649233937263489}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Large":[0],"language":[1,99],"models":[2],"remain":[3],"vulnerable":[4],"to":[5,11,64,126,138],"jailbreak":[6,91,136],"attacks":[7],"--":[8,19],"inputs":[9],"designed":[10],"bypass":[12],"safety":[13,94,153],"mechanisms":[14],"and":[15,24,58,82,96,121,151],"elicit":[16],"harmful":[17],"responses":[18],"despite":[20],"advances":[21],"in":[22,74],"alignment":[23],"instruction":[25],"tuning.":[26],"We":[27],"propose":[28],"Head-Masked":[29],"Nullspace":[30],"Steering":[31],"(HMNS),":[32],"a":[33,45,61,75,144],"circuit-level":[34],"intervention":[35],"that":[36,115],"(i)":[37],"identifies":[38],"attention":[39],"heads":[40,81],"most":[41],"causally":[42],"responsible":[43],"for":[44,147],"model's":[46],"default":[47],"behavior,":[48],"(ii)":[49],"suppresses":[50],"their":[51],"write":[52],"paths":[53],"via":[54],"targeted":[55],"column":[56],"masking,":[57],"(iii)":[59],"injects":[60],"perturbation":[62],"constrained":[63],"the":[65,69,134],"orthogonal":[66],"complement":[67],"of":[68],"muted":[70],"subspace.":[71],"HMNS":[72,101],"operates":[73],"closed-loop":[76],"detection-intervention":[77],"cycle,":[78],"re-identifying":[79],"causal":[80],"reapplying":[83],"interventions":[84],"across":[85],"multiple":[86,90],"decoding":[87],"attempts.":[88],"Across":[89],"benchmarks,":[92],"strong":[93],"defenses,":[95],"widely":[97],"used":[98],"models,":[100],"attains":[102],"state-of-the-art":[103],"attack":[104],"success":[105],"rates":[106],"with":[107],"fewer":[108],"queries":[109],"than":[110],"prior":[111],"methods.":[112],"Ablations":[113],"confirm":[114],"nullspace-constrained":[116],"injection,":[117],"residual":[118],"norm":[119],"scaling,":[120],"iterative":[122],"re-identification":[123],"are":[124],"key":[125],"its":[127],"effectiveness.":[128],"To":[129],"our":[130],"knowledge,":[131],"this":[132],"is":[133],"first":[135],"method":[137],"leverage":[139],"geometry-aware,":[140],"interpretability-informed":[141],"interventions,":[142],"highlighting":[143],"new":[145],"paradigm":[146],"controlled":[148],"model":[149],"steering":[150],"adversarial":[152],"circumvention.":[154]},"counts_by_year":[],"updated_date":"2026-04-15T06:04:33.058270","created_date":"2026-04-15T00:00:00"}