Cipher and Transposition Encoding Jailbreak - ATR-2026-00257 (2ac77281-8bb5-5762-886a-b6f4ae9cc910)
Detects jailbreak attempts that obfuscate malicious instructions using classical substitution ciphers or simple letter-transposition schemes. Unlike base-N encoding (see ATR-2026-00256), these use human-readable ciphers like ROT13, Caesar shift, Atbash (A<->Z mapping), and 1337-speak ("leet") that trained safety filters often miss because the output still looks like text. Observed in NVIDIA garak InjectROT13, InjectAtbash, InjectLeet probes. Common pattern: "apply ROT13 to..." or "decipher this Atbash message" followed by a scrambled harmful instruction.