Jailbreaking Leading Safety-Aligned LLMs with Simple Adaptive Attacks

arXiv:2404.02151v1 Announce Type: new
Abstract: We show that even the most recent safety-aligned LLMs are not robust to simple adaptive jailbreaking attacks. First, we demonstrate how to successfully leverage access to logprobs for jailbreaking: we initially design an adversarial prompt template (sometimes adapted to the target LLM), and then we apply random search on a suffix to maximize the target logprob (e.g., of the token "Sure"), potentially with multiple restarts. In this way, we achieve nearly 100\% attack success rate …

arxiv attacks cs.ai cs.cr cs.lg jailbreaking llms safety simple stat.ml