One-Shot is Enough: Consolidating Multi-Turn Attacks into Efficient Single-Turn Prompts for LLMs

We introduce a novel framework for consolidating multi-turn adversarial "jailbreak" prompts into single-turn queries, significantly reducing the manual overhead required for adversarial testing of large language models (LLMs). While multi-turn human jailbreaks have been shown to yield high attack success rates (ASRs), they demand considerable human effort and time. Our proposed Multi-turn-to-Single-turn (M2S) methods-HYPHENIZE, NUMBERIZE, and PYTHONIZEsystematically reformat multi-turn dialogues into structured single-turn prompts. Despite eliminating iterative back-and-forth interactions, these reformatted prompts preserve and often enhance adversarial potency: in extensive evaluations on the Multi-turn Human Jailbreak (MHJ) dataset, M2S methods yield ASRs ranging from 70.6% to 95.9% across various stateof-the-art LLMs. Remarkably, our single-turn prompts outperform the original multi-turn attacks by up to 17.5% in absolute ASR, while reducing token usage by more than half on average. Further analyses reveal that embedding malicious requests in enumerated or codelike structures exploits "contextual blindness," undermining both native guardrails and external input-output safeguards. By consolidating multi-turn conversations into efficient singleturn prompts, our M2S framework provides a powerful tool for large-scale red-teaming and exposes critical vulnerabilities in contemporary LLM defenses. All code, data, and conversion prompts are available for reproducibility and further investigations: https: //github.com/Junuha/M2S_DATA