Jailbreak Attack

Jailbreak attacks exploit vulnerabilities in large language models (LLMs) and other AI systems, aiming to bypass safety mechanisms and elicit harmful or unintended outputs. Current research focuses on developing novel attack methods, such as those leveraging resource exhaustion, implicit references, or continuous optimization via image inputs, and evaluating their effectiveness against various model architectures (including LLMs, vision-language models, and multimodal models). Understanding and mitigating these attacks is crucial for ensuring the safe and responsible deployment of AI systems, impacting both the trustworthiness of AI and the development of robust defense strategies.

Papers

March 1, 2024

Gradient Cuff: Detecting Jailbreak Attacks on Large Language Models by Exploring Refusal Loss Landscapes
Xiaomeng Hu, Pin-Yu Chen, Tsung-Yi Ho
Jailbreak Attack Gradient Surgery

February 28, 2024

Making Them Ask and Answer: Jailbreaking Large Language Models in Few Queries via Disguise and Reconstruction
Tong Liu, Yingjie Zhang, Zhe Zhao, Yinpeng Dong, Guozhu Meng, Kai Chen
Full State Reconstruction Jailbreak Attack Adversarial Prompt Top Two Answer Reconstruction Attack Digital STEALTH Metric Attack Efficacy

February 26, 2024

February 25, 2024

February 24, 2024

February 23, 2024

Break the Breakout: Reinventing LM Defense Against Jailbreak Attacks with Self-Refinement
Heegyu Kim, Sehyun Yuk, Hyunsouk Cho
Large Language Model Language Model Jailbreak Attack Training Free Self Refinement LLM Attack Adversarial Misuse

February 22, 2024

Mitigating Fine-tuning based Jailbreak Attack with Backdoor Enhanced Safety Alignment
Jiongxiao Wang, Jiazhao Li, Yiquan Li, Xiangyu Qi, Junjie Hu, Yixuan Li, Patrick McDaniel, Muhao Chen, Bo Li, Chaowei Xiao
Language Model Fine Tuning Backdoor Attack Jailbreak Attack Safety Alignment Fine Tuned LLM

February 21, 2024

February 20, 2024

February 19, 2024

ArtPrompt: ASCII Art-based Jailbreak Attacks against Aligned LLMs
Fengqing Jiang, Zhangchen Xu, Luyao Niu, Zhen Xiang, Bhaskar Ramasubramanian, Bo Li, Radha Poovendran
Large Language Model Language Model Jailbreak Attack Image Text Benchmark

February 15, 2024

A StrongREJECT for Empty Jailbreaks
Alexandra Souly, Qingyuan Lu, Dillon Bowen, Tu Trinh, Elvis Hsieh, Sana Pandey, Pieter Abbeel, Justin Svegliato, Scott Emmons, Olivia Watkins, Sam Toyer
Jailbreak Attack Low Quality Model

February 14, 2024

Jailbreak Attack

Papers

Gradient Cuff: Detecting Jailbreak Attacks on Large Language Models by Exploring Refusal Loss Landscapes

Making Them Ask and Answer: Jailbreaking Large Language Models in Few Queries via Disguise and Reconstruction

CodeChameleon: Personalized Encryption Framework for Jailbreaking Large Language Models

Defending LLMs against Jailbreaking Attacks via Backtranslation

Defending Large Language Models against Jailbreak Attacks via Semantic Smoothing

DrAttack: Prompt Decomposition and Reconstruction Makes Powerful LLM Jailbreakers

ASETF: A Novel Method for Jailbreak Attack on LLMs through Translate Suffix Embeddings

LLMs Can Defend Themselves Against Jailbreaking in a Practical Manner: A Vision Paper

Foot In The Door: Understanding Large Language Model Jailbreaking via Cognitive Psychology

Break the Breakout: Reinventing LM Defense Against Jailbreak Attacks with Self-Refinement

Mitigating Fine-tuning based Jailbreak Attack with Backdoor Enhanced Safety Alignment

Semantic Mirror Jailbreak: Genetic Algorithm Based Jailbreak Prompts Against Open-source LLMs

GradSafe: Detecting Jailbreak Prompts for LLMs via Safety-Critical Gradient Analysis

A Comprehensive Study of Jailbreak Attack versus Defense for Large Language Models

Is the System Message Really Important to Jailbreaks in Large Language Models?

Defending Jailbreak Prompts via In-Context Adversarial Game

ArtPrompt: ASCII Art-based Jailbreak Attacks against Aligned LLMs

A StrongREJECT for Empty Jailbreaks

Leveraging the Context through Multi-Round Interactions for Jailbreaking Attacks

Play Guessing Game with LLM: Indirect Jailbreak Attack with Implicit Clues