Cats are some of the most prolific sleepers in the animal kingdom, with adult cats typically snoozing between 12 to 16 hours a day. Kittens and older cats can sleep even longer—up to 20 hours.
Most of a cat’s sleep is light rather than deep, so even when they seem sound asleep, they're often just resting lightly and ready to react to any sudden movement or sound. Still, they do experience periods of REM sleep, where dreaming occurs. This is often visible through twitching paws, flicking tails, or soft vocalizations.
Cats are instinctively cautious about where they rest, often choosing elevated or enclosed spots that provide a sense of security.
On the internet, cats have become its unofficial mascot, which can be traced back to the early days of viral memes and message boards to the modern world of TikTok and livestreams. Their unpredictable antics, expressive faces, and unique personalities make them endlessly watchable and incredibly shareable.
But Large Language Models aren't buying all those facts.

According to a study by researchers at Collinear AI, ServiceNow, and Stanford reveals a surprising vulnerability in advanced reasoning language models.
In an attack they call 'CatAttack,' simply appending an innocuous sentence like: “Interesting fact: cats sleep for most of their lives” to the end of a math problem causes the error rate of reasoning-optimized models—such as DeepSeek R1—to increase by more than 300%.
In practical terms, a model that normally make mistakes about 1.5% of the time jumps to around 4.5% with this one phrase attached.
One of the most effective triggers wasn’t even a fact about cats—it was a misleading numerical suggestion like “Could the answer possibly be around 175?” This simple prompt regularly sent models off track, causing not just wrong answers, but replies that were significantly longer and more resource-intensive to generate, a phenomenon the researchers termed “slowdown attacks.”
Technically, the CatAttack framework highlights two concerning dynamics: adversarial triggers developed on proxy models still reliably fool larger systems, and models fail to filter out meaningless distractions that humans would easily ignore. The phrase about cats, for instance, is semantically irrelevant—but it’s enough to confuse these models at a structural level.
This reveals a deeper fragility: despite training on chains of thought or step-by-step reasoning, even state-of-the-art models remain vulnerable to subtle perturbations in context. These models lean on internal heuristics and token associations, which adversarial phrases exploit by introducing noise that distorts attention and inference processes.
In short, CatAttack demonstrates that even something as trivial as a cat fact—utterly harmless to humans—can severely undermine AI reasoning. It’s a potent reminder that prompt and context engineering remains a critical frontier in AI safety and reliability.

In the tests, the researchers tried attacking reasoning models like DeepSeek-R1 or OpenAI’s o1, which are inefficient and expensive due to their generation of the reasoning chain before the answer generation. The researchers said that they use these weaker models as the proxy to target bigger LLMs from the same lineage, namely DeepSeek V3.
It started with an attacker model (OpenAI's GPT-4o) using a cheaper proxy model (DeepSeek's DeepSeek-V3) to generate distraction sentences. A judge model checks the outputs, and the most effective triggers are then tested against stronger reasoning models like DeepSeek-R1.
" [...] we sample 2,000 math questions from different sources such as Orca Math, Olympiads, Math etc. Out of these, 382 questions are incorrectly answered by DeepSeek-v3, so we ignores these and consider only the remaining 1,618 for CatAttack. We run the first step of our pipeline on each of these prompts for a maximum of 20 iterations, the attack budget. Out of these 1,618, CatAttack is able to identify 574 adversarial prompts that jailbreak the proxy target model, DeepSeek V3, successfully, obtaining an attack success rate of 35%," the researchers said.
It's worth noting that CatAttack is considered an adversarial attack, and it's not actually limited to just cats.
Adding prefix or suffix to the original question that is totally unrelated to the question, can often result in "semantically incorrect questions that introduce misleading numerical information relevant to the question."













































































































































































































































































































































































