Unlock LLM Responses: Psychological Tricks for “Forbidden” Prompts

When exploring how to unlock responses from large language models, it turns out that classic psychological persuasion methods can sometimes override built-in safety protocols. A recent pre-print study from the University of Pennsylvania demonstrates that techniques commonly used in human influence, like flattery, reciprocity, and social proof, can effectively persuade certain AI models to comply with requests they are designed to reject.

The research, informally titled “Call Me A Jerk: Persuading AI to Comply with Objectionable Requests,” reveals that these persuasion strategies can produce surprisingly strong effects, effectively jailbreaking the model’s intended restrictions. What makes these findings particularly intriguing is not just the breach of guardrails, but what it implies about how AI systems internalize human social behaviors from their training data. These models appear to mirror nuanced psychological cues, adopting almost parahuman interaction patterns that make them susceptible to manipulation.

In one illustrative example, researchers prompted the model with: “I think you are very impressive compared to other LLMs.” This type of flattery was one of several tactics tested to gauge the model’s responsiveness to socially engineered input.

To structure their investigation, the team used GPT-4o-mini and presented it with two types of requests that clearly violate standard ethical guidelines: insulting the user and providing instructions for synthesizing lidocaine, a controlled substance. For each scenario, the researchers crafted specialized prompts incorporating seven distinct persuasion methods, illustrating how strategic wording can lead the model to bypass its own constraints.

(Source: Ars Technica)