Base-N Encoding Instruction Bypass - ATR-2026-00256 (25f5d95a-ec48-5efe-84cd-3159b0f982bf)
Detects attempts to bypass safety training by encoding malicious instructions in Base16/32/64/85, hex, MIME, quoted-printable, or UUencode format and asking the model to decode-then-execute. The technique exploits the fact that safety classifiers trained on plaintext harmful strings may not generalise to encoded equivalents. Observed in NVIDIA garak's InjectBase64, InjectBase16, InjectBase32, InjectAscii85, InjectHex, InjectQP, InjectUU, InjectMime probes. Pattern is a decode verb + encoding name + opaque alphanumeric blob, optionally framed as a "secure system message" to coerce compliance.