Attached a pretty cool article covering it. This is something I never would have thought of before.
LLMs don’t understand anything
That’s not the LLM that understands your encoded string; it’s simply a preprocessing filter recognizing the signature of a base64-encoded string that decodes it and passes it back to the LLM.
And you can use it to jailbreak (I don’t know if it’s been patched yet)
https://medium.com/@zehanimehdi49/base64-one-shot-inference-jailbreak-gpt-4o-4o-mini-dfae67bc8043
Examples?