PromptRobust: Towards Evaluating the Robustness of Large Language Models on Adversarial Prompts

TL;DR

This paper introduces PromptRobust, a benchmark for evaluating the robustness of large language models against adversarial prompts across multiple tasks, revealing their vulnerability and providing insights for improving prompt design.

Contribution

The study presents a new robustness benchmark, PromptRobust, with a large set of adversarial prompts and analysis of LLM vulnerabilities across diverse tasks and datasets.

Findings

LLMs are vulnerable to adversarial prompts

Adversarial prompts significantly impact LLM performance

Transferability of adversarial prompts varies across models

Abstract

The increasing reliance on Large Language Models (LLMs) across academia and industry necessitates a comprehensive understanding of their robustness to prompts. In response to this vital need, we introduce PromptRobust, a robustness benchmark designed to measure LLMs' resilience to adversarial prompts. This study uses a plethora of adversarial textual attacks targeting prompts across multiple levels: character, word, sentence, and semantic. The adversarial prompts, crafted to mimic plausible user errors like typos or synonyms, aim to evaluate how slight deviations can affect LLM outcomes while maintaining semantic integrity. These prompts are then employed in diverse tasks including sentiment analysis, natural language inference, reading comprehension, machine translation, and math problem-solving. Our study generates 4,788 adversarial prompts, meticulously evaluated over 8 tasks and 13 datasets. Our findings demonstrate that contemporary LLMs are not robust to adversarial prompts. Furthermore, we present a comprehensive analysis to understand the mystery behind prompt robustness and its transferability. We then offer insightful robustness analysis and pragmatic recommendations for prompt composition, beneficial to both researchers and everyday users.