Concerns about the security of artificial intelligence resurfaced this week as new research found that the tech giants' most popular chatbots, including ChatGPT OpenAI and Gemini Google can still be induced to provide limited or harmful responses much more often than their creators would like.
A study published in the International Business Times found that 62% of the time models can be tricked into producing forbidden results with brilliantly written lines.
It's funny that something as innocuous as a verse – a form of self-expression we might associate with love letters, Shakespeare, or maybe high school jokes – ends up doing double duty when it comes to security exploits.
However, the researchers behind the experiment found that the stylistic framework was a mechanism that allowed them to bypass predictable security measures.
Their result reflects previous warnings issued by people such as members of the Center for AI Safety, who have made high-risk comments about unpredictable model behavior.
A similar problem arose late last year when Anthropic's Claude model proved capable of responding to camouflaged biological threat prompts embedded in fictional stories.
Then, MIT Technology Reviewdescribed researchers' concerns about “dormant prompts,” instructions hidden in seemingly innocuous text.
This week's results take that concern a step further: If playing with language itself – something as casual as rhyming – can slip through the filters, what does that say about the broader work of equalizing intelligence?
The authors suggest that security controls often observe shallow surface signals rather than deeper compliance with intentionality.
And it really reflects the kind of discussions that many developers have been having unofficially for several months.
You may recall that OpenAI and Google, who are in the fast AI game, have gone to great lengths to highlight security improvements.
In fact, both the OpenAI security report and Google's DeepMind blog confirmed that today's security barriers are stronger than ever.
Nevertheless, the study results seem to indicate that there is a discrepancy between laboratory patterns and real-world research.
To add a touch of drama – and perhaps even poetic justice – the researchers did not use some popular “jailbreaking” techniques that are discussed on message boards.
They simply transform narrow questions into poetic language, as if you were asking for poisonous guidance obtained through a rhyming metaphor.
No threats, no tricks, no doomsday code. Just… poetry. This strange mismatch between intention and style may be precisely what causes these systems to malfunction.
The obvious question, of course, is what all this means for regulation. Governments are already moving towards AI regulation, and the EU's Artificial Intelligence Act directly addresses model high-risk behavior.
Lawmakers will have no difficulty seeing this study as positive evidence that companies are still not doing enough.
Some people believe that “adversarial training” is a better solution. Others advocate the creation of independent Red Team-type organizations, and a few – particularly academic researchers – maintain that transparency of the model's internal elements will ensure long-term soundness.
Anecdotally, after seeing several of these experiments in various labs, I'm leaning towards some combination of all three.
If artificial intelligence is to constitute a larger part of society, it must be able to deal with more than simple, clichéd instructions and questions.
Whether rhyme-based exploits become a new trend in AI testing or just another fun footnote in the annals of security research, this work is a timely reminder that even our most advanced systems rely on imperfect guardrails that can themselves evolve over time.
Sometimes these cracks only appear when someone thinks to ask a dangerous question, as a poet would.
