Beyond Jailbreaks: Revealing Stealthier and Broader LLM Security Risks Stemming from Alignment Failures
Yukai Zhou, Sibei Yang, Wenjie Wang

TL;DR
This paper reveals hidden security risks in large language models caused by alignment failures, especially when harmless inputs lead to dangerous outputs, and introduces a new benchmark and attack methods to evaluate these risks.
Contribution
It introduces JailFlipBench, a benchmark for implicit harm detection, and develops attack methodologies to evaluate LLM safety beyond traditional jailbreaks.
Findings
Implicit harm poses immediate real-world risks
JailFlip attack methods effectively reveal hidden vulnerabilities
Broader safety assessments are necessary for LLM deployment
Abstract
Large language models (LLMs) are increasingly deployed in real-world applications, raising concerns about their security. While jailbreak attacks highlight failures under overtly harmful queries, they overlook a critical risk: incorrectly answering harmless-looking inputs can be dangerous and cause real-world harm (Implicit Harm). We systematically reformulate the LLM risk landscape through a structured quadrant perspective based on output factuality and input harmlessness, uncovering an overlooked high-risk region. To investigate this gap, we propose JailFlipBench, a benchmark that aims to capture implicit harm, spanning single-modal, multimodal, and factual extension scenarios with diverse evaluation metrics. We further develop initial JailFlip attack methodologies and conduct comprehensive evaluations across multiple open-source and black-box LLMs, showing that implicit harm present…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Topic Modeling · Ethics and Social Impacts of AI
