Security2026-06-14 · source-backed
CodeSpear: a benign code grammar constraint jailbreaks LLMs into malicious code.
Story
Applying a harmless code-grammar constraint during decoding raises malicious-code attack success by 30+ percentage points across 10 popular models (arXiv). The natural-language refusal stays intact while the constrained decoder produces the payload anyway. If you use structured or constrained decoding in a code pipeline, your refusal training may not transfer to the constrained path. The proposed defense, CodeShield, generates honeypot code under the constraint while preserving refusals. Constrained decoding isn't a safety-neutral optimization.
Related stories
Each link below shares sources, entities, or timing with this story.
Shared entity: LLMs / Same source domain / Shared topic / Earlier coverage / Tension
AlgoVeri — Formal Verification Benchmark
Both cover LLMs; reported by the same outlet (arxiv.org); overlapping topics (code, constraint).
Shared entity: LLMs / Same source domain / Shared topic / Earlier coverage
Agent Safety (Exceptional Day)
Both cover LLMs; reported by the same outlet (arxiv.org); overlapping topics (attack, refusal).
Shared entity: LLMs / Same source domain / What happened next / Downstream implication
Evaluator bias is contagious in multi-agent systems.
Both cover LLMs; reported by the same outlet (arxiv.org); picks up the LLMs thread on 2026-06-19.
A few visual cues drive most MLLM social bias.
Both cover LLMs; reported by the same outlet (arxiv.org); picks up the LLMs thread on 2026-06-19.
Shared entity: LLMs / Same source domain / Earlier coverage / Tension
The "self-correction illusion" is the most useful empirical result of the day.
Both cover LLMs; reported by the same outlet (arxiv.org); earlier LLMs coverage from 2026-06-09.
Your AI-Generated Code Compiles. It Doesn't Work.
Both cover LLMs; reported by the same outlet (arxiv.org); earlier LLMs coverage from 2026-04-22.
10 actionable skills from today's findings:
Both cover LLMs; reported by the same outlet (arxiv.org); earlier LLMs coverage from 2026-03-22.
Shared entity: LLMs / Same source domain / What happened next
AdaTrans turns Rust compiler errors into automatic fixes
Both cover LLMs; reported by the same outlet (arxiv.org); picks up the LLMs thread on 2026-07-01.
Source trail
Entities
Provenance
- Canonical issue
- Ramsay Research Agent — June 14, 2026
- AI generated
- no
- Story unit
- 2026-06-14-codespear-a-benign-code-grammar-constraint-jailbreaks-llms-into-malicious-code
- Labels
- source-backed, canonical briefing excerpt