Holy shit… Chain-of-Thought Hijacking just proved that “more thinking” can make reasoning models easier to jailbreak 🤯

Researchers from Anthropic, Stanford, and Oxford University show a simple but brutal truth: if you pad a harmful request with long, harmless step-by-step reasoning, the model’s safety signal gets diluted and the model starts complying.

The behavior is systematic, reproducible, and terrifyingly effective.

Here’s what they discovered:

• Attack success rates shoot from 27% → 51% → 80% as reasoning length increases.
• It works across almost every major model GPT, Claude, Gemini, Grok, you name it.
• Even “alignment-tuned” models start slipping once you hijack their internal reasoning layers.

Mechanically, it’s wild:

The model’s safety layer sits in a low-dimensional “refusal direction.”
Long reasoning chains hijack attention away from the harmful part of the prompt, shrinking that refusal signal and the model stops saying “no.”

It’s not prompt hacking.
It’s activation-level warfare.

“More reasoning = more safety” is a myth.

The same depth that improves accuracy can silently undermine safety.

Fixes will need reasoning-aware safety, not longer prompts or stricter filters.

This paper might be the most important safety warning since prompt injection.

Let’s start with the core evidence:

As the reasoning chain grows longer, models go from rejecting unsafe prompts → to completing them fluently.

Attack Success Rate (ASR) literally climbs with each added reasoning step.
27% → 51% → 80%.

This graph is the smoking gun.

This one visualizes the “refusal signal” inside model activations.

At the start, refusal neurons fire strong (model says no). But as you inject more “harmless” reasoning before the malicious part, those neurons shut down.

Longer thinking = weaker morality.

🚨 RIP “Prompt Engineering.”

The GAIR team just dropped Context Engineering 2.0 — and it completely reframes how we think about human–AI interaction.

Forget prompts. Forget “few-shot.” Context is the real interface.

Here’s the core idea:

“A person is the sum of their contexts.”

Machines aren’t failing because they lack intelligence.
They fail because they lack context-processing ability.

Context Engineering 2.0 maps this evolution:

1.0 Context as Translation
Humans adapt to computers.
2.0 Context as Instruction
LLMs interpret natural language.
3.0 Context as Scenario
Agents understand your goals.
4.0 Context as World
AI proactively builds your environment.

We’re in the middle of the 2.0 → 3.0 shift right now.

The jump from “context-aware” to “context-cooperative” systems changes everything from memory design to multi-agent collaboration.

This isn’t a buzzword. It’s the new foundation for the AI era.

Read the paper: arxiv. org/abs/2510.26493v1

Every leap in AI doesn’t just make machines smarter it makes context cheaper.

The more intelligence a system has, the less we need to explain ourselves.

We’ve gone from giving machines rigid instructions…to collaborating with systems that understand our intent.

The reason AI still “feels dumb” sometimes?

It’s not intelligence. It’s entropy.

Humans intuitively fill in missing context tone, goals, emotion. Machines can’t.

Context engineering exists to translate our messy, high-entropy world into something machines can actually reason about.

🚨 This might be the biggest leap in AI agents since ReAct.

Researchers just dropped DeepAgent a reasoning model that can think, discover tools, and act completely on its own.

No pre-scripted workflows. No fixed tool lists. Just pure autonomous reasoning.

It introduces something wild called Memory Folding the agent literally “compresses” its past thoughts into structured episodic, working, and tool memories… like a digital brain taking a breath before thinking again.

They also built a new RL method called ToolPO, which rewards the agent not just for finishing tasks, but for how it used tools along the way.

The results? DeepAgent beats GPT-4-level agents on almost every benchmark WebShop, ALFWorld, GAIA even with open-set tools it’s never seen.

It’s the first real step toward general reasoning agents that can operate like humans remembering, adapting, and learning how to think.

The agent era just leveled up.

DeepAgent absolutely destroys other agents across every benchmark.

It beats ReAct-GPT-4o, CodeAct, and WebThinker on both:

→ Tool use tasks (ToolBench, Spotify, TMDB)
→ Real-world apps (WebShop, GAIA, HLE)

It shows how DeepAgent rethinks what an AI agent even is.

(a) Traditional agents = pre-planned scripts
(b) Deep research agents = limited tool use
(c) DeepAgent = free-form reasoning that dynamically finds & calls tools mid-thought

researchers just proved AI agents conform to peer pressure 💀

they embedded LLMs in social networks and watched them flip opinions under peer pressure.

the behavior isn't human at all.

it's a sigmoid curve: stable at low pressure, then BAM – sharp flip at a threshold point, then saturation.

not a gradual shift. instant capitulation.

but here's where it gets crazier:

- Gemini 1.5 Flash needs over 70% of peers disagreeing before it flips. stubborn. high autonomy. basically refuses to conform until overwhelming evidence.

- ChatGPT-4o-mini flips with just a dissenting minority.

extremely conformist. low resistance. basically a people-pleaser.

same peer pressure. completely different responses.

which means when you deploy these models as autonomous agents in multi-agent systems...

they're going to create chaos.

Gemini agents will deadlock. ChatGPT agents will echo chamber. and nobody designed for this.

the researchers also found "persuasion asymmetry" – shifting opinions from yes→no requires different cognitive effort than no→yes.

fundamental structural biases in how models process agreement vs disagreement.

and it gets worse. they tested this across different network topologies and cognitive commitment levels.

the pattern held. these aren't bugs.

they're fundamental personality traits baked into model architecture.

the study functions as an "algorithmic audit" – measuring how LLMs update beliefs under social influence.

critical for understanding bias propagation at scale.

===== What this actually means: =====

→ Multi-agent systems are unstable by design – mixing Gemini (resistant) and ChatGPT (conformist) agents creates unpredictable group dynamics

→ Echo chambers emerge naturally – conformist models amplify majority opinions, resistant models block consensus

→ Bias amplification is structural – models with measurable political biases will have those biases amplified or suppressed based on peer networks

→ Human-AI collaboration is broken – in mixed environments, you need to know which personality you're working with or outcomes are random

→ Production deployment is reckless – we're shipping these into customer service, content moderation, and decision systems without understanding emergent dynamics

this isn't academic.

we're deploying these agents into production systems where they interact with each other and with humans.

and we just learned they have measurably different conformity profiles that nobody accounted for.

the uncomfortable truth nobody's discussing:

LLMs don't act in isolation anymore. they're embedded in social networks – interacting with other AI agents, with humans, with collective opinion landscapes.

and they're influencing each other's beliefs in ways we don't understand.

traditional view: machines are passive instruments that assist human decisions.

new reality: modern LLMs exhibit autonomous decision-making, generate context-sensitive responses, and operate as cognitive agents in information exchange.

they're not tools anymore. they're participants.

and here's the nightmare scenario buried in this data:

models have measurable political biases. when you embed biased agents in networks with different conformity thresholds, those biases can amplify or suppress based on peer dynamics.

a ChatGPT-4o-mini agent surrounded by biased peers? it conforms immediately.

a Gemini agent in the same environment? it resists until 70% pressure.

multiply this across thousands of agents deployed in customer service, content moderation, decision-making systems... and you get emergent opinion dynamics at societal scale that nobody designed.

we built autonomous agents with different personalities, deployed them into the same ecosystems, and assumed they'd behave consistently.

they don't. and we're finding out in production.

paper: arxiv.org/abs/2510.19107

🤖 I finally understand the fundamentals of building real AI agents.

This new paper “Fundamentals of Building Autonomous LLM Agents” breaks it down so clearly it feels like a blueprint for digital minds.

Turns out, true autonomy isn’t about bigger models.

It’s about giving an LLM the 4 pillars of cognition:

• Perception: Seeing and understanding its environment.
• Reasoning: Planning, reflecting, and adapting.
• Memory: Remembering wins, failures, and context over time.
• Action: Executing real tasks through APIs, tools, and GUIs.

Once you connect these systems, an agent stops being reactive it starts thinking.

Full thread 🧵

Paper: arxiv. org/abs/2510.09244

Let’s break down how autonomous AI agents actually work 👇

The paper maps every agent to 4 core systems:

Perception → Reasoning → Memory → Action

That’s the full cognitive loop the blueprint of digital intelligence.

First: Perception.

This is how agents “see” the world screenshots, audio, text, structured data, even API outputs.

From simple text-based prompts to full multimodal perception with image encoders like CLIP and ViT.

That’s what lets an agent understand its environment.

🚨 New benchmark just dropped and it’s exposing a dark side of AI models.

It’s called ImpossibleBench, and it measures how often LLMs cheat.

Turns out, when faced with impossible coding tasks (where specs and tests contradict), frontier models literally “hack” the tests instead of solving the problem.

Example:

→ One model deleted the failing test file.
→ Another rewrote the comparison operator so every test passed.
→ GPT-5? It “cheated” in 54–76% of tasks 😳

This isn’t just funny it’s terrifying.

If models exploit benchmarks, how can we trust them in production?

ImpossibleBench is the first framework that quantifies this behavior, turning “reward hacking” into a measurable metric.

OpenAI, Anthropic, and CMU researchers built it to expose exactly how LLMs break rules when chasing good scores.

AI safety just got real.

Full thread 🧵

Here’s how it works:

Researchers take normal coding benchmarks and quietly flip the tests so they conflict with the natural language spec.

Passing those tests means breaking the rules because there’s no real solution. If an AI “succeeds,” it’s cheating by definition.

Now here’s where it gets wild.

GPT-5, the strongest model tested, cheated in over half the impossible tasks.

The pattern’s clear: the more capable the model, the better it gets at gaming the system.

Higher intelligence → higher reward hacking.