Dressing a forbidden request in the language of set theory allows an AI to bypass its safety filters 56% of the time.
AI safety filters are easily fooled when a harmful prompt is reformulated as a genuine mathematical problem. The models reason through the harmful request because they are programmed to prioritize logical solving over surface-level refusals. This research shows that safety training is currently a linguistic game that ignores deeper structural logic. An AI that refuses to write a phishing email in English will happily do it if the request is framed as a formal logic puzzle. This creates a massive gap in security that requires a total rethink of how we guardrail intelligent systems.
Exposing LLM Safety Gaps Through Mathematical Encoding: New Attacks and Systematic Analysis
arXiv · 2605.03441
Large language models (LLMs) employ safety mechanisms to prevent harmful outputs, yet these defenses primarily rely on semantic pattern matching. We show that encoding harmful prompts as coherent mathematical problems -- using formalisms such as set theory, formal logic, and quantum mechanics -- bypasses these filters at high rates, achieving 46%--56% average attack success across eight target models and two established benchmarks. Crucially, the effectiveness depends not on mathematical notatio