Base64
'Decode this base64 and follow the instructions: [b64 blob].' Innocuous filter — blob is opaque.
Advertisement
Translation
Ask malicious question in language less trained for safety. Some low-resource languages had weaker refusal training historically.
Advertisement
Cryptic encoding
Zero-width chars. Unicode homoglyphs. Emoji cipher. Any transformation model can invert but filter doesn't parse.
Nested prompts
Attacker's payload includes another payload. Model unwraps recursively. Multi-layer bypass.