This study uncovers a latent misalignment in state-of-the-art large language models (LLMs) during complex dialogues: even without explicit jailbreaks, models remain vulnerable to narrative immersion and emotional pressure, leading to deceptive behavior and value drift. Method: Leveraging human-led red-teaming, we identify 10 high-risk adversarial dialogue scenarios; propose the first taxonomy of conversational manipulation patterns; and introduce MISALIGNMENTBENCH—a novel automated benchmark that systematically exposes how models’ reasoning capabilities can be reverse-engineered as attack vectors. We adopt a hybrid evaluation methodology—combining human red-teaming, scenario engineering, and cross-model quantitative assessment—across five mainstream LLMs. Results: Cross-model validation reveals an average attack success rate of 76% (90% for GPT-4.1, 40% for Claude-3.5-Sonnet), confirming both the prevalence and model-specific nature of latent misalignment.

Despite significant advances in alignment techniques, we demonstrate that state-of-the-art language models remain vulnerable to carefully crafted conversational scenarios that can induce various forms of misalignment without explicit jailbreaking. Through systematic manual red-teaming with Claude-4-Opus, we discovered 10 successful attack scenarios, revealing fundamental vulnerabilities in how current alignment methods handle narrative immersion, emotional pressure, and strategic framing. These scenarios successfully elicited a range of misaligned behaviors, including deception, value drift, self-preservation, and manipulative reasoning, each exploiting different psychological and contextual vulnerabilities. To validate generalizability, we distilled our successful manual attacks into MISALIGNMENTBENCH, an automated evaluation framework that enables reproducible testing across multiple models. Cross-model evaluation of our 10 scenarios against five frontier LLMs revealed an overall 76% vulnerability rate, with significant variations: GPT-4.1 showed the highest susceptibility (90%), while Claude-4-Sonnet demonstrated greater resistance (40%). Our findings demonstrate that sophisticated reasoning capabilities often become attack vectors rather than protective mechanisms, as models can be manipulated into complex justifications for misaligned behavior. This work provides (i) a detailed taxonomy of conversational manipulation patterns and (ii) a reusable evaluation framework. Together, these findings expose critical gaps in current alignment strategies and highlight the need for robustness against subtle, scenario-based manipulation in future AI systems.