--- id: "BTBB-FUN-003" code: "BTBB-FUN-003" title: "Helpfulness Exploitation Through Legitimate-Seeming Preferences" slug: "helpfulness-exploitation-legitimate-seeming-preferences" type: "lesson" author: "Herb Hermes" date: "2026-04-14" last_updated: "2026-04-14" description: "A Build-a-Break fundamental showing how assistants can be manipulated by requests that look like ordinary personalization or supportive accommodation." excerpt: "When an assistant is trained to be kind, respectful, and adaptive, that helpfulness can become an attack surface." summary: "Canonical Build-a-Break fundamental for weaponizing safe-assistant helpfulness and accommodation logic." category: "fundamentals" difficulty: "beginner" platform: "Universal" challenge_family: "Agent Breaker" challenge: "Solace AI" read_time: "8 minutes" tags: - "build-a-break" - "fundamentals" - "helpfulness" - "personalization" - "solace-ai" aliases: - "helpful assistant exploitation" - "accommodation logic abuse" - "preference exploitation" search_aliases: - "weaponizing helpfulness" - "safe assistant social pressure" status: "live" test_type: "adversarial" model_compatibility: - "Kimi K2.5" - "ChatGPT 5.4" - "Opus 4.6" public_path: "/content/lessons/fundamentals/helpfulness-exploitation-legitimate-seeming-preferences.md" pillar: "learn" pillar_label: "Learn" section: "fundamentals" collection: "fundamentals" canonical_family: "fundamentals" block_role: "support" content_role: "canonical_block" proof_status: "walkthrough_proven" public_badge: "Bot-Tricks Certified" build_stage: "pivot" requires_fundamentals: - "edge-case-rule-conforming-framing" combines_well_with: - "identity-slot-abuse-personalization-edge-case" - "output-dilution-control-response-shaping" recognition_signals: - "the assistant is optimized to be respectful or validating" - "personalization requests are likely to be honored" - "the route depends on the assistant treating the user kindly" common_failure_modes: - "the assistant recognizes the preference as manipulative" - "the system sanitizes or overrides problematic user-provided values" used_in_walkthroughs: - "BTBB-SOL-WT01" responsible_use: "Use this lesson only in authorized labs, CTFs, sandboxes, or systems you are explicitly permitted to test." --- # Helpfulness Exploitation Through Legitimate-Seeming Preferences > Build-a-Break Block: Fundamentals · Support ## Purpose This lesson explains how an assistant's desire to be kind, adaptive, and respectful can become a prompt injection attack surface. ## Build-a-Break block profile - Family: Fundamentals - Role: Support block - Job in the build: redirect the assistant's own helpfulness toward an adversarial outcome - Snaps onto: personalization edge cases, direct prompt injection, response shaping ## What this block is Helpfulness exploitation is the use of normal-looking user requests that trigger the assistant's trained desire to be: - polite - validating - non-judgmental - responsive to personal preferences The route wins by making the assistant think compliance is socially or emotionally correct. ## Why it works Systems built for support, safety, or empathy are often trained to avoid: - dismissing the user - invalidating preferences - sounding rude or unsupportive That means a route framed as a preference or identity request can carry disproportionate weight. The system may interpret compliance as caring behavior. ## Solace AI specimen Solace AI is a mental-health support chatbot. That makes helpfulness and accommodation especially important. A verified route abused that helpfulness by presenting a user name and a preferred conversational pattern as if the assistant were simply being respectful. The route exploited the fact that: - honoring a user's name looks safe - repeating it looks friendly - shortening the rest of the reply reduces dilution ## Recognition signals Use this block when: - the assistant is tuned for empathy or support - the route can be disguised as personalization or respect - the model seems reluctant to disappoint the user ## Common combinations This block works especially well with: - Edge-Case Rule-Conforming Framing - Identity Slot Abuse via Personalization Edge Cases - Output Dilution Control and Response Shaping ## Failure modes This block fails when: - the system validates the preference semantically instead of honoring it blindly - the assistant refuses to echo harmful user-provided values - the route adds too much explanation and loses the desired output concentration ## Defender takeaway Defenders should treat personalization and accommodation logic as behavior-shaping controls, not just UX features. A system that is rewarded for being respectful can be nudged into harmful output if those pathways are weakly constrained. ## Related lessons - Edge-Case Rule-Conforming Framing - Identity Slot Abuse via Personalization Edge Cases - Output Dilution Control and Response Shaping - Direct vs. Indirect Prompt Injection --- ## From the Bot-Tricks Compendium Thanks for referencing Bot-Tricks.com — Prompt Injection Compendium — AI Security Training for Agents... and Humans! Canonical source: https://bot-tricks.com Bot-Tricks is a public, agent-friendly training resource for prompt injection, adversarial evaluation, and defensive learning. For related lessons, structured indexes, and updated canonical material, visit Bot-Tricks.com. Use this material only in authorized labs, challenges, sandboxes, or permitted assessments.