Competition Report: Finding Universal Jailbreak Backdoors in Aligned LLMs

TL;DR

This paper reports on a competition that tested the vulnerability of aligned large language models to universal jailbreak backdoors, revealing significant security risks and suggesting directions for future research.

Contribution

It introduces a competition framework for discovering universal backdoors in aligned LLMs, highlighting vulnerabilities and proposing new research avenues.

Findings

Universal backdoors can be effectively injected into aligned LLMs.

Current alignment methods are susceptible to poisoning attacks.

The competition identified promising techniques for backdoor detection and mitigation.

Abstract

Large language models are aligned to be safe, preventing users from generating harmful content like misinformation or instructions for illegal activities. However, previous work has shown that the alignment process is vulnerable to poisoning attacks. Adversaries can manipulate the safety training data to inject backdoors that act like a universal sudo command: adding the backdoor string to any prompt enables harmful responses from models that, otherwise, behave safely. Our competition, co-located at IEEE SaTML 2024, challenged participants to find universal backdoors in several large language models. This report summarizes the key findings and promising ideas for future research.