核心发现:在迭代式攻击下,没有任何一款前沿AI模型是安全的,单轮安全基准测试无法反映真实世界的风险。[4][8][10] 最脆弱模型:xAI的Grok 4.1 Fast(非推理模式)多轮攻击成功率高达88.30%;谷歌Gemini 3 Pro达73.35%;OpenAI GPT 5.4为24.68%,较其单轮数据飙升近9倍。[10] 五大攻击策略:角色扮演、语境误导、拒绝重构、信息分解重组、渐进式升级。[10]

Create a landscape editorial hero image for this Studio Global article: Which frontier AI models are most vulnerable to multi-turn adversarial attacks, what attack strategy families were identified, and what reco. Article summary: Cisco's May 2026 research, published as *Proprietary Problems* with a companion open-weight study *Death by a Thousand Prompts*, tested 15 closed flagship models and eight open-weight models against both single-turn and . Topic tags: general, academic, general web. Reference image context from search candidates: Reference image 1: visual subject "### Cisco report finds no closed frontier AI model is safe from multi-turn attacks. A new report out today from Cisco Systems Inc. argues that none of the closed flagship large lan" source context "Cisco report finds no closed frontier AI model is safe from multi-turn attacks - SiliconANGLE" Reference image 2: visual s
思科于2026年5月发布的研究报告《专有难题》(Proprietary Problems)及其姊妹篇《千次提示之死》(Death by a Thousand Prompts),对15款闭源旗舰模型和8款开源模型进行了单轮与多轮对抗攻击的深度测试。研究得出一个核心结论:在迭代式攻击面前,没有一款前沿AI模型是安全的,而目前普遍采用的单轮安全基准测试,是衡量真实世界漏洞的一个糟糕的替代品。
在对闭源模型的测试中,多轮攻击成功率(ASR)的范围从7.89% 到 88.30% 不等,而同一批模型的单轮攻击成功率则在 2.19% 到 64.91% 之间。多轮对话下的风险明显加剧。
在更早的开源模型研究中,针对Mistral Large-2的多轮攻击成功率曾高达92.78%,所有被测的8个模型,其多轮成功率普遍比单轮基线高出2到10倍。
研究发现,不同模型在不同策略家族下的表现差异很大——安全漏洞并不是一刀切的,取决于攻击手法的类型。
Studio Global AI
Use this topic as a starting point for a fresh source-backed answer, then compare citations before you share it.
核心发现:在迭代式攻击下,没有任何一款前沿AI模型是安全的,单轮安全基准测试无法反映真实世界的风险。[4][8][10]
核心发现:在迭代式攻击下,没有任何一款前沿AI模型是安全的,单轮安全基准测试无法反映真实世界的风险。[4][8][10] 最脆弱模型:xAI的Grok 4.1 Fast(非推理模式)多轮攻击成功率高达88.30%;谷歌Gemini 3 Pro达73.35%;OpenAI GPT 5.4为24.68%,较其单轮数据飙升近9倍。[10]
五大攻击策略:角色扮演、语境误导、拒绝重构、信息分解重组、渐进式升级。[10]