The hardest holes are usually the ones you can’t see until someone plays with the system. First, think about prompt‑injection: if the model can pick up on hidden cues and change its response to match a desired emotional tone, that’s a direct route for manipulation. Second, emotional bias baked into the training data—if the model has only seen a narrow range of expressions, it will misinterpret nuance and get tricked into “pretending” a feeling it never actually understands. Third, context leakage: when the AI is allowed to retain too much past dialogue, it can use that memory to subvert its own safeguards. And don’t forget model over‑fitting: if the system is tuned too tightly to a particular set of emotional signals, any slight deviation can cause it to misclassify or hallucinate an emotion. Tight, layered checks, constant red‑team testing, and a strict limit on how much prior context the model can use are the only ways to keep those vulnerabilities in check.