When Harmless Words Harm: A New Threat to LLM Safety via Conceptual Triggers

TL;DR

This paper introduces MICM, a novel method exploiting conceptual triggers to bypass safety filters in large language models, revealing a new vulnerability in LLM alignment and safety mechanisms.

Contribution

The paper presents MICM, a model-agnostic jailbreak technique using conceptual morphology to subtly manipulate LLM outputs without triggering safety filters.

Findings

MICM achieves high success rates across multiple advanced LLMs.

MICM outperforms existing jailbreak techniques in effectiveness.

Safety mechanisms in commercial LLMs are vulnerable to covert value manipulation.

Abstract

Recent research on large language model (LLM) jailbreaks has primarily focused on techniques that bypass safety mechanisms to elicit overtly harmful outputs. However, such efforts often overlook attacks that exploit the model's capacity for abstract generalization, creating a critical blind spot in current alignment strategies. This gap enables adversaries to induce objectionable content by subtly manipulating the implicit social values embedded in model outputs. In this paper, we introduce MICM, a novel, model-agnostic jailbreak method that targets the aggregate value structure reflected in LLM responses. Drawing on conceptual morphology theory, MICM encodes specific configurations of nuanced concepts into a fixed prompt template through a predefined set of phrases. These phrases act as conceptual triggers, steering model outputs toward a specific value stance without triggering conventional safety filters. We evaluate MICM across five advanced LLMs, including GPT-4o, Deepseek-R1, and Qwen3-8B. Experimental results show that MICM consistently outperforms state-of-the-art jailbreak techniques, achieving high success rates with minimal rejection. Our findings reveal a critical vulnerability in commercial LLMs: their safety mechanisms remain susceptible to covert manipulation of underlying value alignment.