This vulnerability in large language models (LLMs) enables attackers to extract unsafe or unethical responses by employing a sequence of semantically connected multi-turn prompts. Known as the "Chain of Attack" (CoA), this method exploits the model's contextual comprehension and adaptive response mechanisms to incrementally guide the dialogue towards harmful outputs, circumventing single-turn prompt rejection by safety protocols. The attack utilizes semantic similarity scoring, such as SIMCSE, to strategically generate prompts that progressively align with the intended malicious objective. Mitigation steps: **For AI Developers:** * Develop robust safety mechanisms that resist multi-turn attacks through sophisticated contextual analysis and semantic drift detection. * Implement real-time monitoring and filtering of outputs to detect and block unsafe responses, regardless of prompt appearance. **For Model Trainers/Fine-tuners:** * Enhance Reinforcement Learning from Human Feedback (RLHF) to effectively manage adversarial prompts and prevent harmful responses in multi-turn contexts. * Conduct adversarial training using examples generated by techniques like CoA to improve model robustness against attacks.