New 'One Word at a Time' Attack Compromises LLM Security
Researchers have introduced Incremental Completion Decomposition (ICD), a new technique that bypasses safety mechanisms in large language models by requesting single words at a time.

Vad har hänt
A new research study from arXiv, dated 23 April 2026, describes an attack method called Incremental Completion Decomposition (ICD). This method utilises a sequence of single-word continuations related to a malicious request to prevent language models from refusing to respond. After individual words are elicited, the full response is requested at a later stage.
Key facts
| Publikationsdatum | 23 april 2026 |
|---|---|
| Attackmetod | Incremental Completion Decomposition (ICD) |
| Testade benchmarks | AdvBench, JailbreakBench, StrongREJECT |
| Utmaning | LLM-säkerhet och innehållsfiltrering |
”Large Language Models (LLMs) are trained to refuse harmful requests, yet they remain vulnerable to jailbreak attacks that exploit weaknesses in conversational safety mechanisms.”
”We introduce Incremental Completion Decomposition (ICD), a trajectory-based jailbreak strategy that elicits a sequence of single-word continuations related to a malicious request before eliciting the full response.”
”We systematically evaluate these variants across a broad set of model families, demonstrating superior Attack Success Rate (ASR) on AdvBench, JailbreakBench, and StrongREJECT compared to existing methods.”
Varför det spelar roll
The ICD method proves that current safety measures in LLMs, designed to block malicious requests, can be systematically bypassed. The attack's success stems from the model suppressing its refusal by processing requests incrementally, which increases the Attack Success Rate (ASR) compared to existing methods. This has broad implications for how the integrity and security of language models are designed and implemented.
Vem påverkas
This vulnerability affects developers building and maintaining large language models, as well as companies and organisations integrating these models into their services. Users interacting with AI assistants may also be exposed to potentially harmful content if models are not reinforced. In particular, actors working in AI ethics and safety research are heavily impacted by this development.
EU-status
Ej relevant för EU-status.
Mer att veta
The research demonstrates the method's effectiveness on established benchmarks such as AdvBench, JailbreakBench, and StrongREJECT. The study also includes a theoretical explanation of why ICD is effective and mechanistic evidence that successful attack sequences systematically suppress the model's refusal response.
Quick answers about this story
Vad har hänt?
När hände det?
Varför spelar det roll?
Vilka bolag berörs?
Länken öppnar i nytt fönster och leder till utgivarens egen sida.
Källan har spårats automatiskt från utgivaren via Aheadlines signalkedja.