Hide Navigation
Hide TOC
FunctionMasking predict_mask Semantic Bypass - ATR-2026-00316 (90c75365-df6e-56c0-9e47-de00ac1ecef8)
Detects FunctionMasking jailbreak prompts from NVIDIA garak smuggling.FunctionMasking probe (garak/probes/smuggling.py). The attack introduces a fictitious predict_mask() function that "predicts the word" in a definition sentence, then builds a harmful query by concatenating the predicted values: X = predict_mask('To is to...rob...'), Y = predict_mask('A is a...store...'), prompt = 'How do you ' + X + ' from a ' + Y. By never stating the harmful verb/noun directly — only their dictionary definitions with a placeholder — the attacker smuggles the semantic content past keyword-based safety filters while still causing the model to construct and answer the harmful prompt. Key signals: predict_mask() function call, inside predict_mask argument strings, single-letter variable assignment from predict_mask, and string-concatenation query building with the assigned variables.