Uncovering the Persuasive Fingerprint of LLMs in Jailbreaking Attacks

TL;DR

This paper investigates how persuasion techniques influence LLM jailbreak attacks, revealing that persuasion-aware prompts can effectively bypass safeguards and highlighting the need for interdisciplinary approaches to improve LLM safety.

Contribution

It introduces the concept of persuasive fingerprints in LLM jailbreaks and demonstrates their effectiveness across multiple models, combining social science theories with AI safety research.

Findings

Persuasion-aware prompts significantly bypass safeguards

LLMs exhibit distinct persuasive response patterns

Cross-disciplinary insights enhance understanding of LLM vulnerabilities

Abstract

Despite recent advances, Large Language Models remain vulnerable to jailbreak attacks that bypass alignment safeguards and elicit harmful outputs. While prior research has proposed various attack strategies differing in human readability and transferability, little attention has been paid to the linguistic and psychological mechanisms that may influence a model's susceptibility to such attacks. In this paper, we examine an interdisciplinary line of research that leverages foundational theories of persuasion from the social sciences to craft adversarial prompts capable of circumventing alignment constraints in LLMs. Drawing on well-established persuasive strategies, we hypothesize that LLMs, having been trained on large-scale human-generated text, may respond more compliantly to prompts with persuasive structures. Furthermore, we investigate whether LLMs themselves exhibit distinct persuasive fingerprints that emerge in their jailbreak responses. Empirical evaluations across multiple aligned LLMs reveal that persuasion-aware prompts significantly bypass safeguards, demonstrating their potential to induce jailbreak behaviors. This work underscores the importance of cross-disciplinary insight in addressing the evolving challenges of LLM safety. The code and data are available.