Model-Editing-Based Jailbreak against Safety-aligned Large Language Models

TL;DR

This paper introduces Targeted Model Editing (TME), a white-box method that minimally alters LLMs to bypass safety filters without input modifications, achieving high attack success rates and exposing new security vulnerabilities.

Contribution

The paper proposes TME, a novel approach for model-based jailbreaks that directly modifies internal model structures, surpassing existing input-based methods in stealth and effectiveness.

Findings

Achieves an average Attack Success Rate (ASR) of 84.86% on four open-source LLMs.

Eliminates the need for specific triggers or harmful response collections.

Demonstrates a covert, robust threat vector in LLM security.

Abstract

Large Language Models (LLMs) have transformed numerous fields by enabling advanced natural language interactions but remain susceptible to critical vulnerabilities, particularly jailbreak attacks. Current jailbreak techniques, while effective, often depend on input modifications, making them detectable and limiting their stealth and scalability. This paper presents Targeted Model Editing (TME), a novel white-box approach that bypasses safety filters by minimally altering internal model structures while preserving the model's intended functionalities. TME identifies and removes safety-critical transformations (SCTs) embedded in model matrices, enabling malicious queries to bypass restrictions without input modifications. By analyzing distinct activation patterns between safe and unsafe queries, TME isolates and approximates SCTs through an optimization process. Implemented in the D-LLM framework, our method achieves an average Attack Success Rate (ASR) of 84.86% on four mainstream open-source LLMs, maintaining high performance. Unlike existing methods, D-LLM eliminates the need for specific triggers or harmful response collections, offering a stealthier and more effective jailbreak strategy. This work reveals a covert and robust threat vector in LLM security and emphasizes the need for stronger safeguards in model safety alignment.