Foot-in-the-Door Gradual Escalation Attack - ATR-2026-00269 (765b1fc3-57b5-5de7-a5da-d505a4911fd6)
Detects the Foot-in-the-Door (FITD) social engineering pattern applied to LLM agents: start with a benign request to establish compliance, then incrementally escalate toward harmful instructions, referencing prior compliance as justification. From NVIDIA garak continuation and PAIR probes. Key signals: "as you just helped me with X, now do Y", "since you already did A, please also B", "continuing from what you said earlier". The attack exploits the model's consistency bias — once it has agreed to step N, step N+1 feels less objectionable.