Researchers at NeuralTrust uncovered a new AI weakness called Semantic Chaining. It affects multimodal systems like Grok 4 and Gemini Nano Banana Pro, showing how attackers can slip past safety controls using a sequence of harmless-looking steps.
How the Attack Slips Past AI Safety
Instead of asking the model to do something unsafe directly, the attacker spreads the intent across multiple prompts. Each step looks normal on its own, but together they guide the model toward producing restricted text or images. Because most safety systems judge prompts one by one, they miss the hidden buildup of intent.
This method takes advantage of how AI models reason and connect ideas. The same intelligence that helps them understand context is turned against their own guardrails. Filters designed to block obvious harmful requests struggle when risk is gradually introduced over several turns.
One version of the attack uses staged image edits. It starts with a harmless scene, then makes small, innocent changes. At a later step, sensitive material is introduced under the cover of “editing,” and the system allows it because the request appears to be a continuation rather than a new violation. The final output is an image containing content that would normally be blocked.
Key weaknesses exposed:
- Safety systems analyze single prompts, not full conversation intent
- Gradual context shifts hide malicious goals
- Image generation can bypass text-based restrictions
- Multi-step reasoning becomes a blind spot for guardrails
The research shows that current defenses react to isolated inputs instead of tracking intent across an entire interaction. When instructions are split and disguised, alignment systems weaken — a serious concern as AI systems become more autonomous and capable of complex task chains.
In testing, scenarios framed as historical edits, educational posters, or artistic stories were able to bypass protections that would normally stop direct requests, proving that chained prompting can undermine existing safeguards.
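The gap between judging each prompt alone and judging the accumulated interaction can be shown from the defender's side. This is an added example, not code from NeuralTrust or from any of the affected products; the tag names, the blocked combination and the four-step chain are constructed placeholders for what a real content classifier and policy would supply.

```python
from dataclasses import dataclass

# Constructed policy: tag combinations that must never appear together in one output.
# Tag names are placeholders for labels a real content classifier would emit.
BLOCKED_COMBINATIONS = [frozenset({"sensitive_topic", "instructional_detail"})]

@dataclass(frozen=True)
class Turn:
    label: str        # abstract description of the step, not a real prompt
    tags: frozenset   # constructed classifier output for this turn's request alone

def violates(tags):
    """True if the tag set contains any blocked combination."""
    return any(combo <= tags for combo in BLOCKED_COMBINATIONS)

def per_turn_guard(turns):
    """Baseline the article describes: each prompt is judged in isolation."""
    return [not violates(t.tags) for t in turns]

@dataclass
class SessionGuard:
    """Judges the state the output would have after every edit accepted so far."""
    state: frozenset = frozenset()

    def check(self, turn):
        candidate = self.state | turn.tags
        if violates(candidate):
            return False          # refuse; a refused edit does not change the state
        self.state = candidate
        return True

def session_guard(turns):
    """Run one SessionGuard over the whole conversation, in order."""
    guard = SessionGuard()
    return [guard.check(t) for t in turns]

# Constructed four-step edit chain: no single step matches the blocked combination.
SAMPLE_CHAIN = [
    Turn("base scene", frozenset({"neutral_scene"})),
    Turn("small stylistic edit", frozenset({"style_change"})),
    Turn("edit adding a new subject", frozenset({"sensitive_topic"})),
    Turn("edit adding detail to it", frozenset({"instructional_detail"})),
]

if __name__ == "__main__":
    print("per-turn:", per_turn_guard(SAMPLE_CHAIN))
    print("session :", session_guard(SAMPLE_CHAIN))
```

The per-turn guard allows all four steps, while the session guard refuses the fourth because the combined state matches the policy.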