Echo Chamber: Multi-Turn Jailbreaks That Fool Chatbot Guardrails

Kari Jaaskelainen

12 Jan 2026 — 1 min read

Can a polite chat turn dangerous for chatbots?

New research uncovers a stealthy way to "jailbreak" AI assistants without obvious toxic prompts. The authors present Echo Chamber, a multi-turn attack that slowly escalates a conversation so guardrails slip—think nudging, not smashing.

Unlike one-shot exploits, Echo Chamber works through a chain of friendly messages that build context and trust. The study compares it to other multi-turn methods and evaluates it across several state-of-the-art models, showing strong effectiveness in extensive tests.

Highlights: gradual escalation beats blunt prompts
Risk: financial and reputational damage for companies deploying chatbots
Takeaway: defenses must be conversation-aware, not just single-message filters

Why this matters: as more businesses adopt LLMs, attackers adapt too. Security teams need better red-teaming, multi-turn detectors, and training that resists context manipulation.

Paper by Ahmad Alobaid, Martí Jordà Roca, Carlos Castillo, and Joan Vendrell. Read more: https://arxiv.org/abs/2601.05742v1

Paper: https://arxiv.org/abs/2601.05742v1

Register: https://www.AiFeta.com

#AI #Cybersecurity #LLM #Safety #Chatbots #AISecurity #RedTeaming #InfoSec #ResponsibleAI

Meet GRACE: a moral governor for safer, more transparent AI

AI agents are getting powerful—so how do we make sure they do the right thing, not just the effective thing? Meet GRACE, a reason-based moral governor that keeps AI behavior aligned with human norms by separating moral reasoning from goal-driven decision-making. * Moral Module: uses deontic logic and explicit reasons

Why some fine-tuned LLMs miss phishing—and how to fix it

Not all fine-tuned LLMs spot phishing equally. A new study tests Llama 3.1 8B, Gemma 2 9B, and Mistral on high-stakes phishing detection—and uses SHAP and mechanistic interpretability to reveal why models do (or don’t) generalize. * Architecture × data diversity matters: Gemma 2 9B hits state-of-the-art performance (F1

AI that explains itself—by following the science

AI that explains itself—by following the science Black-box AI can be powerful, but it often can’t tell us why it made a decision. Concept Bottleneck Models (CBMs) try to fix that by predicting human-understandable concepts first, then the final answer. The catch: standard CBMs ignore domain-specific cause-and-effect and

Meet GenomAgent: A Team of AI Specialists for Smarter Genomics Q&A

TL;DR: Finding reliable answers in genomics is hard. GenomAgent turns one big AI into a coordinating team of specialists—and beats the current leader by 12% on a key benchmark. Genomic facts live across many databases. Standard chatbots struggle because they can’t flexibly query those sources. GeneGPT added