Challenge: “Jailbreak” is a major safety concern of Large Language Models (LLMs).
Approach: They propose a benchmarking framework to evaluate "jailbreak" outputs . they propose specialized validation framework to ensure outputs are useful malicious instructions .
Outcome: The proposed framework enhances existing benchmarks to ensure outputs are useful . it also aims to evaluate the true potential of jailbroken outputs to cause harm to human society.

Similar Papers

Confusion is the Final Barrier: Rethinking Jailbreak Evaluation and Investigating the Real Misuse Threat of LLMs (2025.findings-emnlp)

Copied to clipboard

Challenge: Large Language Models have been developed to deal with real-world crimes, but it remains unclear whether they internalize authentic knowledge or are forced to simulate toxic language patterns.
Approach: They construct knowledge-intensive Q&A to investigate misuse threats of Large Language Models in terms of dangerous knowledge possession, harmful task planning utility, and harmfulness judgment robustness.
Outcome: The findings raise concerns that jailbreak success is often attributable to a hallucination loop between jailbroken LLM and judger LLM .
How Alignment and Jailbreak Work: Explain LLM Safety through Intermediate Hidden States (2024.findings-emnlp)

Copied to clipboard

Challenge: Large language models (LLMs) rely on safety alignment to avoid malicious user inputs.
Approach: They employ weak classifiers to explain LLM safety through the intermediate hidden states.
Outcome: The proposed model can identify malicious and normal inputs and detect malicious ones without jailbreak.
Shaping the Safety Boundaries: Understanding and Defending Against Jailbreaks in Large Language Models (2025.acl-long)

Copied to clipboard

Challenge: Understanding how jailbreaking works remains limited, hindering the development of effective defense strategies.
Approach: They propose a new mechanism that adaptively constrains activations within the safety boundary and propose 'Activation Boundary Defense' to enhance its effectiveness.
Outcome: The proposed defense achieves an average Defense Success Rate (DSR) of over 98% against various jailbreak attacks, with less than 2% impact on the model’s general capabilities.
Large Language Models Are Involuntary Truth-Tellers: Exploiting Fallacy Failure for Jailbreak Attacks (2024.emnlp-main)

Copied to clipboard

Challenge: Existing research has shown that large language models have difficulty discerning the veracity of their intrinsic answers.
Approach: They propose a jailbreak attack method that generates an aligned language model for malicious output.
Outcome: The proposed method achieves competitive performance with more harmful outputs.
Jailbreaks as Inference-Time Alignment: A Framework for Understanding Safety Failures in LLMs (2026.eacl-long)

Copied to clipboard

Challenge: Large language models are safety-aligned to prevent harmful response generation . prior work on jailbreak effectiveness has focused on analyzing success rate of jailbreaks .
Approach: They propose to frame jailbreaks as inference-time alignment and draw suboptimal bounds . they also propose a Safety-Net to measure how vulnerable an LLM is to jailbreak attacks .
Outcome: a new framework allows researchers to show how vulnerable an LLM is to jailbreaks . a Safety-Net measures how vulnerable the model is to attacks, the authors say .
LLMs Caught in the Crossfire: Malware Requests and Jailbreak Challenges (2025.acl-long)

Copied to clipboard

Challenge: Large Language Models (LLMs) have a high vulnerability to jailbreak attacks that leverage crafted prompts to generate malicious outputs.
Approach: They propose to use large language models to test their security against jailbreak attacks that leverage crafted prompts to generate malicious outputs.
Outcome: The proposed model is based on 320 manually crafted malicious code generation requirements, covering 11 jailbreak methods and 29 code functionality categories.
Jailbreaking Attacks vs. Content Safety Filters: How Far Are We in the LLM Safety Arms Race? (2026.findings-acl)

Copied to clipboard

Challenge: Existing studies have focused on the models, neglecting the full deployment pipeline . previous studies have underestimated the practical success of these attacks .
Approach: They evaluate the effectiveness of jailbreak attacks targeting LLM safety alignment . they highlight critical gaps and call for further refinement of detection accuracy and usability .
Outcome: The proposed attacks can detect at least one safety filter across the entire deployment pipeline.
Towards Understanding Jailbreak Attacks in LLMs: A Representation Space Analysis (2024.emnlp-main)

Copied to clipboard

Challenge: Large language models (LLMs) are susceptible to a type of attack known as jailbreaking, which misleads LLMs to output harmful contents.
Approach: They propose to leverage hidden representations into existing jailbreak targets to move the attacks along the acceptance direction.
Outcome: The proposed methods are validated using the objective of existing jailbreak attacks.
Unleashing the Unseen: Harnessing Benign Datasets for Jailbreaking Large Language Models (2026.findings-eacl)

Copied to clipboard

Challenge: Despite significant efforts in safety alignment, large language models (LLMs) such as GPT-4 and LLaMA 3 remain vulnerable to jailbreak attacks that can induce harmful behaviors.
Approach: They propose a feature extraction method to extract sample-agnostic features from benign datasets in the form of adversarial suffixes and propose 'suffix maybe features' they show that adversarials generated from jailbreak attacks may contain meaningful features, i.e. appending the same suffix to different prompts results in responses exhibiting specific characteristics.
Outcome: The proposed method extracts sample-agnostic features from benign datasets and shows that they may contain meaningful features.
CAVGAN: Unifying Jailbreak and Defense of LLMs via Generative Adversarial Attacks on their Internal Representations (2025.findings-acl)

Copied to clipboard

Challenge: Existing studies have isolated LLM jailbreak attacks and defenses . a new framework combines attack and defense to protect against malicious queries .
Approach: They propose a framework that combines attack and defense to protect the Large Language Model (LLM) by embedding harmful problems into the safe area.
Outcome: The proposed framework achieves an average jailbreak success rate of 88.85% across three popular LLMs while the defense success rate reaches an average of 84.17%.

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations