EasyJailbreak: A Unified Framework for Jailbreaking Large Language Models

TL;DR

EasyJailbreak is a modular, unified framework that simplifies constructing and evaluating jailbreak attacks on large language models, revealing significant vulnerabilities across multiple models and supporting comprehensive security assessments.

Contribution

The paper introduces EasyJailbreak, a modular framework supporting 11 jailbreak methods, enabling standardized, efficient security evaluation of diverse large language models.

Findings

Average breach probability of 60% across tested LLMs

GPT-3.5-Turbo and GPT-4 have attack success rates of 57% and 33%

EasyJailbreak supports broad security validation and resource sharing

Abstract

Jailbreak attacks are crucial for identifying and mitigating the security vulnerabilities of Large Language Models (LLMs). They are designed to bypass safeguards and elicit prohibited outputs. However, due to significant differences among various jailbreak methods, there is no standard implementation framework available for the community, which limits comprehensive security evaluations. This paper introduces EasyJailbreak, a unified framework simplifying the construction and evaluation of jailbreak attacks against LLMs. It builds jailbreak attacks using four components: Selector, Mutator, Constraint, and Evaluator. This modular framework enables researchers to easily construct attacks from combinations of novel and existing components. So far, EasyJailbreak supports 11 distinct jailbreak methods and facilitates the security validation of a broad spectrum of LLMs. Our validation across 10 distinct LLMs reveals a significant vulnerability, with an average breach probability of 60% under various jailbreaking attacks. Notably, even advanced models like GPT-3.5-Turbo and GPT-4 exhibit average Attack Success Rates (ASR) of 57% and 33%, respectively. We have released a wealth of resources for researchers, including a web platform, PyPI published package, screencast video, and experimental outputs.