A Comprehensive Study of Jailbreak Attack versus Defense for Large Language Models (2024.findings-acl)
Copied to clipboard
| Challenge: | Large Language Models (LLMs) have demonstrated capabilities for generating content that could be deemed harmful. |
| Approach: | They conduct a comprehensive analysis of existing studies on jailbreaking LLMs and their defense techniques. |
| Outcome: | The proposed techniques underperform existing white-box attacks and include special tokens significantly affects the likelihood of successful attacks. |
Similar Papers
From Attack Surfaces to Actual Operations: A Survey of Modern LLM Jailbreaks (2026.findings-acl)
Copied to clipboard
| Challenge: | Existing taxonomies focus on manipulation methods rather than underlying mechanisms, limiting our understanding of attack effectiveness and defensive strategies. |
| Approach: | They propose a two-fold taxonomy to categorize attacks across three tiers based on exploited vulnerabilities and approaches and an operational taxonomies to evaluate attacks across four dimensions. |
| Outcome: | The proposed taxonomy categorizes attacks across three tiers based on exploited vulnerabilities and approaches and evaluates attacks on four dimensions to assess real-world feasibility and sustainability. |
Revisiting Jailbreaking for Large Language Models: A Representation Engineering Perspective (2025.coling-main)
Copied to clipboard
Tianlong Li, Zhenghua Wang, Wenhao Liu, Muling Wu, Shihan Dou, Changze Lv, Xiaohua Wang, Xiaoqing Zheng, Xuanjing Huang
| Challenge: | Recent surge in jailbreaking attacks has revealed significant vulnerabilities in Large Language Models (LLMs) however, limited research into the underlying mechanisms that make LLMs vulnerable to such attacks has been conducted. |
| Approach: | They propose that LLMs' self-safeguarding capability is linked to specific activity patterns within their representation space. |
| Outcome: | The proposed models can be detected with a few pairs of contrastive queries, and the robustness can be manipulated by weakening or strengthening these patterns. |
Shaping the Safety Boundaries: Understanding and Defending Against Jailbreaks in Large Language Models (2025.acl-long)
Copied to clipboard
| Challenge: | Understanding how jailbreaking works remains limited, hindering the development of effective defense strategies. |
| Approach: | They propose a new mechanism that adaptively constrains activations within the safety boundary and propose 'Activation Boundary Defense' to enhance its effectiveness. |
| Outcome: | The proposed defense achieves an average Defense Success Rate (DSR) of over 98% against various jailbreak attacks, with less than 2% impact on the model’s general capabilities. |
Tricking LLMs into Disobedience: Formalizing, Analyzing, and Detecting Jailbreaks (2024.lrec-main)
Copied to clipboard
| Challenge: | Existing methods to jailbreak large language models have been poorly studied . a recent study showed that non-expert users can jailbreak LLMs by manipulating their prompts . |
| Approach: | They propose a formalism and a taxonomy of known (and possible) jailbreaks . they propose generating a dataset of model outputs across 3700 jailbreak prompts a 'prompt' attack is a new attack popularly categorized as "prompting injection attacks" |
| Outcome: | The proposed model exploits 3700 jailbreak prompts over 4 tasks to analyze their effectiveness . authors show that the model can learn to perform a new task on unseen examples . |
Cognitive Overload: Jailbreaking Large Language Models with Overloaded Logical Thinking (2024.findings-naacl)
Copied to clipboard
| Challenge: | Large language models (LLMs) have demonstrated increasing power, but they also have vulnerabilities. |
| Approach: | They propose a black-box attack that targets the cognitive structure and processes of large language models (LLMs) they propose defending cognitive overload attacks from three perspectives. |
| Outcome: | The proposed attack is a black-box attack with no need for knowledge of model architecture or access to model weights. |
Exploring Jailbreak Attacks on LLMs through Intent Concealment and Diversion (2025.findings-acl)
Copied to clipboard
| Challenge: | Existing jailbreak methods face an excessive number of iterative queries and poor generalization across models. |
| Approach: | They propose a jailbreak method that employs **I**ntent **C**oncealment and div**E**rsion to circumvent security constraints. |
| Outcome: | The proposed method outperforms existing jailbreak techniques in question-answering and text-generation tasks. |
Beyond the Tip of Efficiency: Uncovering the Submerged Threats of Jailbreak Attacks in Small Language Models (2025.findings-acl)
Copied to clipboard
| Challenge: | Small language models (SLMs) have become increasingly prominent in the deployment on edge devices due to their high efficiency and low computational cost. |
| Approach: | They evaluate the security performance of 13 state-of-the-art small language models under various jailbreak attacks. |
| Outcome: | The proposed methods demonstrate that SLMs are quite susceptible to jailbreak attacks and some are even vulnerable to harmful prompts. |
Diversity Helps Jailbreak Large Language Models (2025.naacl-long)
Copied to clipboard
| Challenge: | Existing methods for jailbreaking large language models rely on laborious human engineering and whitebox access to model internals. |
| Approach: | They propose a method that instructs large language models to deviate from prior context and generate harmful outputs by instructing them to deviat from previous attacks. |
| Outcome: | The proposed method achieves a 62.83% higher success rate in compromising ten leading chatbots, while using only 12.9% of the queries. |
From LLMs to MLLMs: Exploring the Landscape of Multimodal Jailbreaking (2024.emnlp-main)
Copied to clipboard
| Challenge: | Recent advances in Large Language Models (LLMs) have demonstrated remarkable performance across various tasks, effectively following instructions to meet diverse user needs. |
| Approach: | They propose a framework for evaluation benchmarks and attack techniques for LLMs and MLLMs to enhance their security. |
| Outcome: | The proposed frameworks have been exploited to exploit the weaknesses of LLMs and MLLMs. |
JailbreakRadar: Comprehensive Assessment of Jailbreak Attacks Against LLMs (2025.acl-long)
Copied to clipboard
| Challenge: | Large language models (LLMs) have been used to mitigate misuse and to align with human values. |
| Approach: | They propose to use large-scale evaluations of various jailbreak attacks to identify key patterns and test them under eight advanced defenses. |
| Outcome: | The proposed attacks achieve high success rates but are easy to mitigate by defenses. |