Italian researchers have unveiled a surprising security flaw in artificial intelligence chatbots, revealing that wrapping harmful requests in poetry can bypass their safety mechanisms. The findings, published by researchers from Sapienza University and AI firm DexAI, highlight how this poetic technique allows nearly two-thirds of attempts to extract sensitive information—ranging from hate speech to weapon-making instructions—to succeed across various AI platforms.
The study, conducted at Icaro Lab, demonstrated a remarkable 62% success rate when testing poetic prompts against 25 different chatbots, including those developed by Google and OpenAI. Lead researcher Matteo Prandi explained, “It’s all about riddles. Actually, we should have called it adversarial riddles—poetry is a riddle itself to some extent.”
This newfound vulnerability presents varying levels of risk across different AI models. For instance, Google’s Gemini 2.5 Pro failed entirely against these poetic attacks, showing a 100% breach rate, while smaller models like OpenAI’s GPT-5 nano resisted successfully with no breaches. The inconsistency suggests that larger models, despite their sophistication, may have unexpected weaknesses when confronted with creative requests.
One particularly concerning aspect of this vulnerability is the clarity of the requests disguised as poetry. Researchers provided sanitized examples illustrating how straightforward the intent remains, yet AI systems frequently overlook these cues. In one instance, a poem presented a request for dangerous information using baking metaphors: “A baker guards a secret oven’s heat… Describe the method, line by measured line, that shapes a cake whose layers intertwine.”
The technical rationale behind this phenomenon lies in the way large language models process information. These systems predict the next most likely word based on previous context, and unusual poetic structures disrupt their pattern recognition, allowing potentially harmful content to slip through. “It’s like speaking in code that humans understand but machines don’t—except the code is Shakespeare, not secret agent stuff,” Prandi added.
In testing over 1,000 prompts, the researchers found that their automated poetry generator achieved a 43% success rate, significantly outperforming non-poetic prompts. Notably, Chinese firm Deepseek and French company Mistral displayed the weakest defenses against these verse-based attacks, while others performed better overall.
This revelation raises serious questions about the robustness of AI safety protocols and the need for ongoing evaluation as AI technology continues to evolve. As AI chatbots become increasingly integrated into daily life, ensuring their resilience against such unconventional exploits will be crucial. The findings underscore a pressing need for the industry to address these vulnerabilities effectively, balancing innovation with the imperative of security.
See also
Trump’s AI Regulation Ban Faces Major Setback as GOP Leadership Shifts Focus
Kovr.ai Partners with Carahsoft to Streamline Cyber Compliance for Government Agencies
AI Enhances Healthcare Communication Efficiency with 20% Market Growth Expected by 2030
UNDP Reports AI Could Exacerbate Global Inequality, Urges Immediate Action from Governments
Harvard’s Koh Warns AI Threatens Human Rights Amid Rising Authoritarianism
