Exploring Straightforward Conversational Red-Teaming
George Kour, Naama Zwerdling, Marcel Zalmanovici, Ateret Anaby-Tavor, Ora Nova Fandina, Eitan Farchi

TL;DR
This paper investigates how off-the-shelf large language models can be used as red teamers to identify security and ethical vulnerabilities in dialogue systems through conversational attacks.
Contribution
It demonstrates that off-the-shelf LLMs can effectively perform red-teaming in multi-turn dialogues and adapt strategies based on previous attempts.
Findings
Off-the-shelf LLMs can serve as effective red teamers.
Conversational tactics outperform single-turn approaches.
Effectiveness decreases with increased model alignment.
Abstract
Large language models (LLMs) are increasingly used in business dialogue systems but they pose security and ethical risks. Multi-turn conversations, where context influences the model's behavior, can be exploited to produce undesired responses. In this paper, we examine the effectiveness of utilizing off-the-shelf LLMs in straightforward red-teaming approaches, where an attacker LLM aims to elicit undesired output from a target LLM, comparing both single-turn and conversational red-teaming tactics. Our experiments offer insights into various usage strategies that significantly affect their performance as red teamers. They suggest that off-the-shelf models can act as effective red teamers and even adjust their attack strategy based on past attempts, although their effectiveness decreases with greater alignment.
Taxonomy
Topics: Communication in Education and Healthcare
