Diversity Helps Jailbreak Large Language Models
Weiliang Zhao, Daniel Ben-Levi, Wei Hao, Junfeng Yang, Chengzhi Mao

TL;DR
This paper introduces a novel jailbreak technique exploiting LLMs' ability to diverge from context, significantly increasing success rates in bypassing safety measures across multiple chatbots with fewer queries.
Contribution
The authors reveal a new method that outperforms existing jailbreak approaches by leveraging divergence and obfuscation, exposing vulnerabilities in current LLM safety training.
Findings
Achieves up to 62.83% higher success rate in bypassing chatbots
Uses only 12.9% of the queries compared to previous methods
Exposes critical flaws in current LLM safety measures
Abstract
We have uncovered a powerful jailbreak technique that leverages large language models' ability to diverge from prior context, enabling them to bypass safety constraints and generate harmful outputs. By simply instructing the LLM to deviate and obfuscate previous attacks, our method dramatically outperforms existing approaches, achieving up to a 62.83% higher success rate in compromising ten leading chatbots, including GPT-4, Gemini, and Llama, while using only 12.9% of the queries. This revelation exposes a critical flaw in current LLM safety training, suggesting that existing methods may merely mask vulnerabilities rather than eliminate them. Our findings sound an urgent alarm for the need to revolutionize testing methodologies to ensure robust and reliable LLM security.
Taxonomy
Topics: Digital and Cyber Forensics
Methods: Attention Is All You Need · Adam · Linear Layer · Absolute Position Encodings · Multi-Head Attention · Residual Connection · Softmax · Byte Pair Encoding · Dropout · Dense Connections
