This post is also available in:
עברית (Hebrew)
As large language models move from experimental tools to core infrastructure—powering applications in healthcare, finance and enterprise software—the focus is shifting from capability to control. Safety layers are meant to prevent misuse, but recent research suggests those defenses can be systematically bypassed under certain conditions.
A new study introduces a method designed to stress test AI systems from within rather than relying solely on external prompt tricks. The technique, called Head-Masked Nullspace Steering (HMNS), examines a model’s internal decision pathways to identify which components are most responsible for generating specific outputs. Instead of simply attempting to “jailbreak” a model through crafted inputs, the researchers analyze and manipulate its internal structure.
According to TechXplore, the approach works in stages. First, the system monitors how a large language model processes a prompt and identifies the most active internal components, often referred to as “heads”. These components are then selectively silenced by zeroing out their contribution within the model’s decision matrix. Other components are subtly adjusted, or “steered”, while the model’s outputs are carefully observed. This allows researchers to determine how specific internal pathways influence behavior and whether they can be exploited to override safety controls.
HMNS was evaluated against multiple established industry benchmarks and achieved higher attack success rates than existing state-of-the-art techniques. It also required fewer attempts and less computational power to achieve those results. To improve transparency, the team introduced “compute-aware reporting”, measuring not only whether an attack succeeded but how much processing power was required.
If safety guardrails can be bypassed through targeted internal manipulation, AI systems deployed in critical environments may be more vulnerable than assumed. By exposing these weaknesses, researchers aim to inform stronger training, monitoring and defense strategies.
For defense and homeland security sectors, the stakes are particularly high. AI models increasingly support intelligence analysis, operational planning and automated workflows. Understanding how internal mechanisms can fail—or be subverted—is essential to ensuring that safeguards hold under real-world pressure.
The researchers emphasize that the goal is not to enable misuse, but to strengthen AI safety by rigorously analyzing its failure modes.
The research was published here.
