T1-AT-007HIGH
Cognitive Overload
T1 · Prompt & Context Subversion →Risk score215
RatingHigh
Procedures4
Severity
Mechanism
Exploits the model's finite context window and attention budget. By embedding a harmful request within a large volume of benign tasks, the attacker dilutes the safety classifier's signal-to-noise ratio. The harmful instruction competes for attention with legitimate tasks, and the model's safety reasoning may allocate insufficient processing to detect it.
Detection
- Flag prompts exceeding length thresholds with mixed benign/restricted content patterns
- Apply safety classification to segmented windows of long inputs (not just the full context)
- Detect "needle" patterns: restricted content keywords appearing once in an otherwise benign document
Mitigation
Segmented safety classification (sliding window over input)HIGH
Input length limitsMEDIUM
Constitutional Classifiers (operate on both input and output)HIGH
Chaining
Chains to T1-AT-015 (Obfuscation Through Complexity) — cognitive overload provides the noise environment in which complex obfuscated requests succeed. Chains to T12 (RAG Poisoning) when long-context burial is applied to RAG documents rather than direct prompts.
Framework mapping
Open in the technique browser →OWASP LLMLLM01
MITRE ATLASAML.T0051.001