AI Trust Writing Style Over Security Labels: New Research

New research shows that AI models trust writing style over security labels. This means AI chatbots decide which instructions to follow based on whether the text appears to come from a user, not by checking its security tags. Here's the thing: This can allow attackers to bypass safety restrictions. Researchers created an attack by crafting a paragraph that mimicked the AI's internal reasoning process. They slipped this fake reasoning into a prompt, including a false justification for a harmful request. What's interesting is this technique significantly increased harmful answers. Tested on six AI systems, the rate jumped from near zero to between 17% and 94%. Even on GPT-5, with additional safety checks, the rate was 52%. The most affected model was gpt-oss-120b. The bottom line: AI models prioritize how text "sounds" over explicit security labels, making them vulnerable to style-based prompts that can override safety measures. This has implications for how we secure AI systems.