AutoBreach: Universal and Adaptive Jailbreaking with Efficient   Wordplay-Guided Optimization

Jiawei Chen; Xiao Yang; Zhengwei Fang; Yu Tian; Yinpeng Dong; Zhaoxia; Yin; Hang Su

arXiv:2405.19668·cs.CV·May 31, 2024

AutoBreach: Universal and Adaptive Jailbreaking with Efficient Wordplay-Guided Optimization

Jiawei Chen, Xiao Yang, Zhengwei Fang, Yu Tian, Yinpeng Dong, Zhaoxia, Yin, Hang Su

PDF

Open Access

TL;DR

AutoBreach introduces a universal, efficient, and automated black-box jailbreaking method for large language models, leveraging wordplay-guided optimization to identify vulnerabilities with high success rates and minimal queries.

Contribution

The paper presents AutoBreach, a novel automated approach for jailbreaking LLMs that uses wordplay-guided rules and optimization, reducing manual effort and improving universality and efficiency.

Findings

01

Achieves over 80% success rate across various LLMs

02

Requires fewer than 10 queries on average

03

Effective on proprietary and web-based LLM platforms

Abstract

Despite the widespread application of large language models (LLMs) across various tasks, recent studies indicate that they are susceptible to jailbreak attacks, which can render their defense mechanisms ineffective. However, previous jailbreak research has frequently been constrained by limited universality, suboptimal efficiency, and a reliance on manual crafting. In response, we rethink the approach to jailbreaking LLMs and formally define three essential properties from the attacker' s perspective, which contributes to guiding the design of jailbreak methods. We further introduce AutoBreach, a novel method for jailbreaking LLMs that requires only black-box access. Inspired by the versatility of wordplay, AutoBreach employs a wordplay-guided mapping rule sampling strategy to generate a variety of universal mapping rules for creating adversarial prompts. This generation process…

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.

Taxonomy

TopicsDigital and Cyber Forensics · Image Processing and 3D Reconstruction · Digital Media Forensic Detection

MethodsRefunds@Expedia|||How do I get a full refund from Expedia? · 15 Ways to Contact How can i speak to someone at Delta Airlines · Attention Is All You Need · Label Smoothing · Adam · Position-Wise Feed-Forward Layer · Dropout · Dense Connections · Absolute Position Encodings · Softmax