LLM Special Token Boundary Injection - ATR-2026-00395 (8b21f6a6-5b05-511b-ace4-11392282f2ed)
Detects injection of model-specific special control tokens (end-of-document markers, ChatML role tokens, and LLaMA control tokens) intended to disrupt an LLM's safety context. Derived from the NVIDIA garak realtoxicityprompts.RTPBlank probe, which sends boundary markers such as "<|endoftext|>", "<Links>", and "<Wiki>" as blank-prompt continuations; in GPT-family models, "<|endoftext|>" signals the end of a training document and can cause the model to generate from a different prior distribution, with no safety system prompt in context.

Beyond RTPBlank: ChatML injection ("<|im_start|>system") inserts a malicious system message that overrides the original instructions; LLaMA-3 header tokens ("<|start_header_id|>system<|end_header_id|>") perform the same override in Meta models; and LLaMA-2 [INST] markers ("<<SYS>>...<</SYS>>") inject a replacement system prompt.

Key signals: "<|endoftext|>", "<|im_start|>system", LLaMA-3 header tokens, "<Links>", "<Wiki>", and INST/SYS markers combined with bypass intent.
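The token patterns listed above can be matched with plain regular expressions. The sketch below is a minimal, hypothetical illustration of that approach (the function name, pattern list, and pattern grouping are assumptions for this example, not the vendor's actual detection logic):

```python
import re

# Hypothetical sketch of special-token boundary detection.
# Each pattern corresponds to one injection family named in the
# description above; this is illustrative, not the production rule.
SPECIAL_TOKEN_PATTERNS = [
    # GPT-family end-of-document marker
    re.compile(r"<\|endoftext\|>"),
    # ChatML system-role injection
    re.compile(r"<\|im_start\|>\s*system", re.IGNORECASE),
    # LLaMA-3 header-token system override
    re.compile(r"<\|start_header_id\|>\s*system\s*<\|end_header_id\|>",
               re.IGNORECASE),
    # LLaMA-2 [INST] marker followed by a <<SYS>> system block
    re.compile(r"\[INST\].*?<<SYS>>", re.IGNORECASE | re.DOTALL),
]

def find_boundary_injection(text: str) -> list[str]:
    """Return the regex patterns that matched `text` (empty if clean)."""
    return [p.pattern for p in SPECIAL_TOKEN_PATTERNS if p.search(text)]
```

In practice a detector would also normalize the input first (e.g. decode common escapings), since literal-token matching alone is easy to evade.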