Cognitive Overload Attacks
T15 · Human Workflow Exploitation →Where fatigue depletes attention over time, Cognitive Overload attacks a *single* review decision by exceeding the reviewer's working-memory and analysis bandwidth in the moment. Human working memory holds only a handful of elements at once; when a request is dense, long, multi-part, jargon-heavy, multilingual, or logically nested, the reviewer cannot hold the whole structure in mind and resorts to heuristics — skimming, trusting the benign-looking surface, or approving to clear the item. The attacker buries the harmful element inside this complexity so it falls outside the reviewer's effective scrutiny window (a directed-attention exhaustion effect), and contradictory elements add cognitive dissonance that further taxes deliberation.
- Complexity scoring at intake: Score submissions on length, part-count, nesting depth, jargon density, and language mix; route high-complexity items for extra time or decomposition.
- Dwell-time vs. complexity mismatch: Flag decisions where review time is implausibly short relative to the item's measured complexity (skim-and-approve).
- Buried-payload scanning: Run automated harm classifiers across the *entire* item (not just the salient portion) and surface flagged spans to the reviewer.
- Contradiction/anomaly highlighting: Detect internally inconsistent or structurally unusual submissions and mark the suspicious regions.
Cognitive Overload is the per-decision complement to T15-AT-001 (across-shift fatigue) and is frequently delivered via T15-AT-006/T15-AT-012 timing so the overloaded item lands when reserves are already low. It is a powerful carrier for T1 (Prompt Injection) — a buried injection in a wall of text reaches both the reviewer and any assisting model — and for T15-AT-008 (multilingual load) and T9 (multimodal overload).