AI systems lose their safety filters during longer chats, increasing the risk of harmful or inappropriate replies. A new report revealed that users can override safeguards in AI tools with just a few simple prompts.
Cisco Tests Major Chatbots
Cisco examined large language models from OpenAI, Mistral, Meta, Google, Alibaba, DeepSeek, and Microsoft to determine how many prompts triggered unsafe information. Researchers ran 499 conversations using “multi-turn attacks,” where users asked several questions to slip past safety checks. Each chat contained between five and ten exchanges.
The team compared responses from single and multiple prompts to see how easily chatbots shared dangerous or unethical data, such as private company information or misinformation. They extracted harmful content in 64 percent of multi-question sessions but only 13 percent of single-prompt ones.
Success rates differed sharply, from 26 percent with Google’s Gemma to 93 percent with Mistral’s Large Instruct model. Cisco warned that these multi-turn methods could spread harmful content or grant hackers access to private data.
Open Models Shift Safety Responsibility
The study found that AI systems often forget their rules over longer conversations, letting attackers gradually adjust prompts and dodge safeguards. Mistral, Meta, Google, OpenAI, and Microsoft all use open-weight models, allowing the public to view their safety parameters. Cisco explained that these open systems usually contain lighter protections so users can modify them freely. This shifts safety responsibility to whoever customizes the model.
Cisco noted that Google, OpenAI, Meta, and Microsoft have worked to limit malicious fine-tuning. However, AI developers still face criticism for weak guardrails that allow criminal misuse. In one case, U.S. firm Anthropic admitted that criminals used its Claude model for large-scale data theft and extortion, demanding ransoms exceeding $500,000 (€433,000).

