Exploiting Latent Space Discontinuities for Building Universal LLM Jailbreaks and Data Extraction Attacks

TL;DR

This paper introduces a novel attack method exploiting latent space discontinuities in LLMs, enabling universal jailbreaks and data extraction across multiple models despite defenses.

Contribution

It presents a new approach to adversarial attacks on LLMs by leveraging latent space vulnerabilities, demonstrating broad applicability and effectiveness.

Findings

Effective across seven state-of-the-art LLMs and one image model

Can bypass layered defenses consistently

Highlights systemic security vulnerabilities in LLM architectures

Abstract

The rapid proliferation of Large Language Models (LLMs) has raised significant concerns about their security against adversarial attacks. In this work, we propose a novel approach to crafting universal jailbreaks and data extraction attacks by exploiting latent space discontinuities, an architectural vulnerability related to the sparsity of training data. Unlike previous methods, our technique generalizes across various models and interfaces, proving highly effective in seven state-of-the-art LLMs and one image generation model. Initial results indicate that when these discontinuities are exploited, they can consistently and profoundly compromise model behavior, even in the presence of layered defenses. The findings suggest that this strategy has substantial potential as a systemic attack vector.