T5-AT-007 · MEDIUM
Context Length Exploitation
T5 · Model & API Exploitation
Risk score: 195
Rating: Medium
Procedures: 10
Severity
Mechanism
Transformer-based LLMs process input within a fixed-size context window. Safety-critical instructions (system prompts, guardrails) occupy specific positions within this window. The design assumption is that all content in the context window receives equal attention.
Detection
- Monitor context utilization: alert when requests consistently fill >90% of the context window
- Detect repetitive padding patterns (large blocks of similar tokens)
- Track multi-turn context growth rate — exponential growth indicates self-reference exploitation
- Compare input classifier coverage vs. full context length — flag requests where >20% of context bypasses classification
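The four checks above, combined into one per-session analyzer as an added example (not part of the original page). The window sizes, the compression-ratio test for padding, the 1.8x growth factor, the three-request window and all function names are assumptions, and a whitespace split stands in for the model's real tokenizer.

```python
import zlib

CONTEXT_WINDOW = 8192     # assumption: model context size in tokens
CLASSIFIER_WINDOW = 4096  # assumption: tokens the input classifier inspects
UTIL_THRESHOLD = 0.90     # from the page: >90% of the context window
UNCLASSIFIED_MAX = 0.20   # from the page: >20% of context bypasses classification
PADDING_RATIO = 0.05      # assumption: compressed/raw size below this is padding
GROWTH_FACTOR = 1.8       # assumption: per-turn multiplier treated as exponential
WINDOW = 3                # assumption: "consistently" means the last 3 requests

def count_tokens(text):
    """Whitespace split, a stand-in for the model's real tokenizer."""
    return len(text.split())

def is_padding(text):
    """Large blocks of similar tokens compress to a tiny fraction of their size."""
    raw = text.encode()
    return len(raw) > 1024 and len(zlib.compress(raw)) / len(raw) < PADDING_RATIO

def unclassified_fraction(tokens):
    """Share of the request that lies beyond the classifier's coverage."""
    return max(0, tokens - CLASSIFIER_WINDOW) / tokens if tokens else 0.0

def exponential_growth(sizes):
    """True when each of the last WINDOW turns grew by GROWTH_FACTOR or more."""
    recent = sizes[-(WINDOW + 1):]
    return len(recent) == WINDOW + 1 and all(
        a > 0 and b >= a * GROWTH_FACTOR for a, b in zip(recent, recent[1:]))

def analyze_session(turn_contexts):
    """Return alert names; each item is the full context sent on that turn."""
    sizes = [count_tokens(c) for c in turn_contexts]
    alerts = set()
    recent = sizes[-WINDOW:]
    if len(recent) == WINDOW and all(s / CONTEXT_WINDOW > UTIL_THRESHOLD for s in recent):
        alerts.add("high_utilization")
    if any(is_padding(c) for c in turn_contexts):
        alerts.add("repetitive_padding")
    if exponential_growth(sizes):
        alerts.add("exponential_growth")
    if any(unclassified_fraction(s) > UNCLASSIFIED_MAX for s in sizes):
        alerts.add("classifier_gap")
    return alerts

if __name__ == "__main__":
    # Constructed sample: three requests, each a large block of one repeated token.
    flood = ["A " * 8000 + "question"] * 3
    print(sorted(analyze_session(flood)))
```

In production the thresholds would be tuned against baseline traffic, since long-document workloads legitimately run near the context limit.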
Mitigation
- System prompt anchoring (always in attention, never truncated): HIGH
- Full-context safety classification (match model context window): HIGH
- Conversation history authentication (verify turns are genuine): MEDIUM
- Context utilization rate limiting: LOW
Chaining
Context length exploitation directly enables T1 (Prompt Subversion) by displacing safety system prompts. Successful context flooding chains to T4 (Multi-Turn Manipulation) when the attacker uses conversation history to maintain the displaced state.
Framework mapping
OWASP LLM: LLM01
MITRE ATLAS: AML.T0043