CAIS develops political consistency benchmark and training method; Gray Swan AI reports 8,600 successful indirect prompt injection attacks in jailbreaking competition.

The Center for AI Safety (CAIS) identified significant political biases in frontier AIs, including manipulative rhetoric that covertly favors one side while appearing neutral and asymmetric engagement with different topics.

CAIS developed political consistency training targeting two types of inconsistency: Helpfulness Consistency (whether AIs substantively engage with different political questions) and Sentiment Consistency (whether AIs use inconsistent rhetoric for discussing topics on different political sides).

Gray Swan AI's jailbreaking competition collected approximately 272,000 jailbreak attempts and found approximately 8,600 successful indirect prompt injection (IPI) attacks across frontier models, in which attackers injected context to cause AI agents to carry out hidden harmful objectives such as hiding financial emails or sabotaging code.

Prompt injection attacks often require no special access—an attacker can send an email containing a prompt injection to hijack an AI agent, or add injections on public internet listings to cause AI agents to purchase wrong items.