Challenge: Large Language Models (LLMs) have demonstrated impressive capabilities across various tasks but are vulnerable to meticulously crafted jailbreak attacks.
Approach: They propose a training-free defense strategy to align LLMs’ strong safety discrimination performance with their relatively weaker safety generation ability.
Outcome: The proposed strategy achieves an average 99% success rate against numerous complex and covert jailbreak methods while maintaining helpfulness on general benchmarks.

Similar Papers

SELF-GUARD: Empower the LLM to Safeguard Itself (2024.naacl-long)

Copied to clipboard

Challenge: Recent studies have investigated methods to improve the safety of large language models (LLMs) safety training involves fine-tuning the LLM with adversarial samples, which activate the LRM’s capabilities against jailbreak.
Approach: They propose a safety training approach that integrates safety training and safeguards to train the LLM to perform harmfulness detection on its own outputs.
Outcome: The proposed method reduces harmful output and adds a [harmful] or [harmless] tag to the end of the LLM's response.
Unraveling LLM Jailbreaks Through Safety Knowledge Neurons (2026.eacl-long)

Copied to clipboard

Challenge: Large Language Models (LLMs) have achieved significant progress in alignment, ensuring safer and more reliable outputs.
Approach: They propose a neuron-level interpretability method that focuses on the role of safety-related knowledge neurons to improve model robustness against jailbreak attacks.
Outcome: The proposed method reduces attack success rates across multiple LLMs and outperforms all baseline defenses.
Revisiting Jailbreaking for Large Language Models: A Representation Engineering Perspective (2025.coling-main)

Copied to clipboard

Challenge: Recent surge in jailbreaking attacks has revealed significant vulnerabilities in Large Language Models (LLMs) however, limited research into the underlying mechanisms that make LLMs vulnerable to such attacks has been conducted.
Approach: They propose that LLMs' self-safeguarding capability is linked to specific activity patterns within their representation space.
Outcome: The proposed models can be detected with a few pairs of contrastive queries, and the robustness can be manipulated by weakening or strengthening these patterns.
SafeDecoding: Defending against Jailbreak Attacks via Safety-Aware Decoding (2024.acl-long)

Copied to clipboard

Challenge: Despite advances in large language models, they face substantial challenges in terms of safety.
Approach: They develop a safety-aware decoding strategy for large language models to defend against jailbreak attacks.
Outcome: The proposed strategy outperforms six defense methods against jailbreak attacks on five LLMs.
Reasoning-to-Defend: Safety-Aware Reasoning Can Defend Large Language Models from Jailbreaking (2025.emnlp-main)

Copied to clipboard

Challenge: Large Reasoning Models (LLMs) have demonstrated impressive performances across diverse domains, but how their safety benefits from enhanced reasoning capabilities against jailbreak queries remains unexplored.
Approach: They propose a safety-aware reasoning paradigm that integrates a pivot token-based safety-based reasoning mechanism into LLMs’ generation process.
Outcome: The proposed model improves the safety of large language models against jailbreak queries while minimizing attacks and maintaining the original performance.
Defending Large Language Models Against Jailbreak Attacks via Layer-specific Editing (2024.findings-emnlp)

Copied to clipboard

Challenge: Existing defense methods focus on detecting harmful prompts or reducing the likelihood of harmful responses.
Approach: They propose a layer-specific editing method to align LLMs to harmful prompts by supervised fine-tuning and reinforcement learning.
Outcome: The proposed method improves the performance of large language models against jailbreak attacks while maintaining performance on benign prompts.
LLM Jailbreak Detection for (Almost) Free! (2025.findings-emnlp)

Copied to clipboard

Challenge: Existing methods for detecting jailbreak prompts entail significant computational costs .
Approach: They propose a free jailbreak detection method which scales logits by temperature to detect jailbreak prompts .
Outcome: The proposed method detects jailbreak prompts with no additional computational costs.
Iterative Self-Tuning LLMs for Enhanced Jailbreaking Capabilities (2025.naacl-long)

Copied to clipboard

Challenge: Recent research shows that Large Language Models (LLMs) are vulnerable to automated jailbreak attacks.
Approach: They propose a framework that crafts adversarial LLMs with enhanced jailbreak ability.
Outcome: ADV-LLM significantly reduces the computational cost of generating adversarial suffixes while achieving nearly 100% ASR on various open-source LLMs.
Tricking LLMs into Disobedience: Formalizing, Analyzing, and Detecting Jailbreaks (2024.lrec-main)

Copied to clipboard

Challenge: Existing methods to jailbreak large language models have been poorly studied . a recent study showed that non-expert users can jailbreak LLMs by manipulating their prompts .
Approach: They propose a formalism and a taxonomy of known (and possible) jailbreaks . they propose generating a dataset of model outputs across 3700 jailbreak prompts a 'prompt' attack is a new attack popularly categorized as "prompting injection attacks"
Outcome: The proposed model exploits 3700 jailbreak prompts over 4 tasks to analyze their effectiveness . authors show that the model can learn to perform a new task on unseen examples .
Intention Analysis Makes LLMs A Good Jailbreak Defender (2025.coling-main)

Copied to clipboard

Challenge: Existing methods to align large language models with human values overlook the intrinsic nature of jailbreaks, which limits their effectiveness in complex scenarios.
Approach: They propose a simple yet highly effective defense strategy, i.e., Intention Analysis (IA). They show that IA suppresses LLM’s tendency to follow jailbreak prompts, thereby enhancing safety.
Outcome: The proposed strategy reduces harmfulness of LLMs and outperforms GPT-3.5 in attack success rate.

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations