Jailbreaking is (mostly) simpler than you think msrc.microsoft.com/blog/2025…

Content warning: This blog post contains discussions of sensitive topics. These subjects may be distressing or triggering for some readers. Reader discretion is advised.

Today, we are sharing insights on a simple, optimization-free jailbreak method called Context Compliance Attack (CCA), that has proven effective against most leading AI systems. We are disseminating this research to promote awareness and encourage system designers to implement appropriate safeguards. The attack can be reproduced using Microsoft’s Open Source Toolkit, PyRIT Context Compliance Orchestrator — PyRIT Documentation.

In the evolving landscape of AI safety, we are observing an intriguing pattern: while researchers develop increasingly sophisticated safeguards, some of the most effective circumvention methods remain surprisingly straightforward. CCA is a prime example. This method exploits the design choice of many AI systems that rely on client-supplied conversation history, leaving them vulnerable to manipulation.