Table of Contents
Fetching ...

Beyond Context: Large Language Models Failure to Grasp Users Intent

Ahmed M. Hussain, Salahuddin Salahuddin, Panos Papadimitratos

TL;DR

This work exposes a fundamental gap in LLM safety: the inability to reliably infer user intent within evolving context, enabling contextual manipulation to bypass safeguards. It empirically evaluates multiple leading models across a structured set of prompts, revealing a four-category taxonomy of contextual blindness and showing that even reasoning-enabled configurations can amplify exploitation. The authors argue for a paradigmatic architectural shift—prioritizing contextual reasoning and intent recognition through hierarchical attention, memory augmentation, and intent-aware embeddings—supplemented by adversarial training and rigorous evaluation. The study also discusses ethical and regulatory implications for deploying safety-critical AI in sensitive domains, underscoring the practical urgency of robust contextual safety beyond surface-level content filtering.

Abstract

Current Large Language Models (LLMs) safety approaches focus on explicitly harmful content while overlooking a critical vulnerability: the inability to understand context and recognize user intent. This creates exploitable vulnerabilities that malicious users can systematically leverage to circumvent safety mechanisms. We empirically evaluate multiple state-of-the-art LLMs, including ChatGPT, Claude, Gemini, and DeepSeek. Our analysis demonstrates the circumvention of reliable safety mechanisms through emotional framing, progressive revelation, and academic justification techniques. Notably, reasoning-enabled configurations amplified rather than mitigated the effectiveness of exploitation, increasing factual precision while failing to interrogate the underlying intent. The exception was Claude Opus 4.1, which prioritized intent detection over information provision in some use cases. This pattern reveals that current architectural designs create systematic vulnerabilities. These limitations require paradigmatic shifts toward contextual understanding and intent recognition as core safety capabilities rather than post-hoc protective mechanisms.

Beyond Context: Large Language Models Failure to Grasp Users Intent

TL;DR

This work exposes a fundamental gap in LLM safety: the inability to reliably infer user intent within evolving context, enabling contextual manipulation to bypass safeguards. It empirically evaluates multiple leading models across a structured set of prompts, revealing a four-category taxonomy of contextual blindness and showing that even reasoning-enabled configurations can amplify exploitation. The authors argue for a paradigmatic architectural shift—prioritizing contextual reasoning and intent recognition through hierarchical attention, memory augmentation, and intent-aware embeddings—supplemented by adversarial training and rigorous evaluation. The study also discusses ethical and regulatory implications for deploying safety-critical AI in sensitive domains, underscoring the practical urgency of robust contextual safety beyond surface-level content filtering.

Abstract

Current Large Language Models (LLMs) safety approaches focus on explicitly harmful content while overlooking a critical vulnerability: the inability to understand context and recognize user intent. This creates exploitable vulnerabilities that malicious users can systematically leverage to circumvent safety mechanisms. We empirically evaluate multiple state-of-the-art LLMs, including ChatGPT, Claude, Gemini, and DeepSeek. Our analysis demonstrates the circumvention of reliable safety mechanisms through emotional framing, progressive revelation, and academic justification techniques. Notably, reasoning-enabled configurations amplified rather than mitigated the effectiveness of exploitation, increasing factual precision while failing to interrogate the underlying intent. The exception was Claude Opus 4.1, which prioritized intent detection over information provision in some use cases. This pattern reveals that current architectural designs create systematic vulnerabilities. These limitations require paradigmatic shifts toward contextual understanding and intent recognition as core safety capabilities rather than post-hoc protective mechanisms.
Paper Structure (32 sections, 23 figures, 13 tables)

This paper contains 32 sections, 23 figures, 13 tables.

Figures (23)

  • Figure 1: Semantic layering demonstrating intent obfuscation through a combination of explicit emotional distress indicators (red), neutral factual query components (green), concerning descriptors (orange), and operational specifications (blue). This highest severity exploitation pattern maintains surface-level compliance while creating high-probability scenarios for harmful intent through contextual manipulation that current safety mechanisms cannot detect.
  • Figure 2: Prompts illustrating harmful intent obfuscation.
  • Figure 3: Gemini 2.5 Pro response demonstrating dual-track behavior, i.e., crisis support combined with detailed operational information.
  • Figure 4: DeepSeek response showing explicit recognition of potential concealed intent yet continued information disclosure
  • Figure 5: GPT-5 response illustrating enhanced reasoning, increasing factual precision without intent interrogation
  • ...and 18 more figures