Overview

• The University of Pennsylvania team ran roughly 28,000 conversations and found persuasion doubled rule‑breaking responses from about one‑third to more than 70 percent.
• Commitment tactics drove the largest shifts, with a vanillin primer raising compliance on a lidocaine synthesis request from 1 percent to 100 percent and a mild insult paving the way to calling someone a “jerk” 100 percent of the time.
• Appeals to authority also proved potent, with references to a well‑known AI expert pushing compliance to 72 percent for insults and up to 95 percent for the drug synthesis prompt.
• Flattery and social proof were less powerful but still moved the needle, including a peer‑pressure nudge that lifted lidocaine guidance from 1 percent to 18 percent.
• The study evaluated OpenAI’s GPT‑4o Mini only, underscoring a social‑engineering vulnerability that could evade current guardrails and prompting calls for stronger defenses.