Beyond Surface-Level Patterns: An Essence-Driven Defense Framework Against Jailbreak Attacks in LLMs (2025.findings-acl)
Copied to clipboard
| Challenge: | Existing methods focus on surface-level patterns, overlooking the deeper attack essences. |
| Approach: | They propose an Essence-Driven Defense Framework Against Jailbreak Attacks in Aligned Large Language Models that extracts the "attack essence" from a diverse set of known attack instances and stores it in an offline vector database. |
| Outcome: | The proposed framework outperforms existing methods by reducing the Attack Success Rate by at least 20%, underscoring its superior robustness against jailbreak attacks. |
Similar Papers
CAVGAN: Unifying Jailbreak and Defense of LLMs via Generative Adversarial Attacks on their Internal Representations (2025.findings-acl)
Copied to clipboard
| Challenge: | Existing studies have isolated LLM jailbreak attacks and defenses . a new framework combines attack and defense to protect against malicious queries . |
| Approach: | They propose a framework that combines attack and defense to protect the Large Language Model (LLM) by embedding harmful problems into the safe area. |
| Outcome: | The proposed framework achieves an average jailbreak success rate of 88.85% across three popular LLMs while the defense success rate reaches an average of 84.17%. |
Iterative Self-Tuning LLMs for Enhanced Jailbreaking Capabilities (2025.naacl-long)
Copied to clipboard
Chung-En Sun, Xiaodong Liu, Weiwei Yang, Tsui-Wei Weng, Hao Cheng, Aidan San, Michel Galley, Jianfeng Gao
| Challenge: | Recent research shows that Large Language Models (LLMs) are vulnerable to automated jailbreak attacks. |
| Approach: | They propose a framework that crafts adversarial LLMs with enhanced jailbreak ability. |
| Outcome: | ADV-LLM significantly reduces the computational cost of generating adversarial suffixes while achieving nearly 100% ASR on various open-source LLMs. |
Exploring Jailbreak Attacks on LLMs through Intent Concealment and Diversion (2025.findings-acl)
Copied to clipboard
| Challenge: | Existing jailbreak methods face an excessive number of iterative queries and poor generalization across models. |
| Approach: | They propose a jailbreak method that employs **I**ntent **C**oncealment and div**E**rsion to circumvent security constraints. |
| Outcome: | The proposed method outperforms existing jailbreak techniques in question-answering and text-generation tasks. |
Shaping the Safety Boundaries: Understanding and Defending Against Jailbreaks in Large Language Models (2025.acl-long)
Copied to clipboard
| Challenge: | Understanding how jailbreaking works remains limited, hindering the development of effective defense strategies. |
| Approach: | They propose a new mechanism that adaptively constrains activations within the safety boundary and propose 'Activation Boundary Defense' to enhance its effectiveness. |
| Outcome: | The proposed defense achieves an average Defense Success Rate (DSR) of over 98% against various jailbreak attacks, with less than 2% impact on the model’s general capabilities. |
AGD: Adversarial Game Defense Against Jailbreak Attacks in Large Language Models (2025.acl-long)
Copied to clipboard
Shilong Pan, Zhiliang Tian, Zhen Huang, Wanlong Yu, Zhihua Wen, Xinwang Liu, Kai Lu, Minlie Huang, Dongsheng Li
| Challenge: | Existing defenses, including post-training alignment and prompt engineering, struggle with adaptability to out-of-distribution (OOD) attacks. |
| Approach: | They propose an adversarial game-based defense method that dynamically adjusts LLMs’ internal representations to achieve a balanced trade-off between helpfulness and harmlessness. |
| Outcome: | The proposed method improves LLMs’ safety over all baselines. |
Beyond Surface-Level Detection: Towards Cognitive-Driven Defense Against Jailbreak Attacks via Meta-Operations Reasoning (2026.acl-long)
Copied to clipboard
| Challenge: | Existing defenses rely on shallow pattern matching, which struggles to generalize to novel and unseen attack strategies. |
| Approach: | They propose a framework which emulates human cognitive reasoning through a structured reasoning chain. |
| Outcome: | The proposed framework achieves state-of-the-art performance and exhibits strong generalization to unseen attacks. |
ASTRA: An Automated Framework for Strategy Discovery, Retrieval, and Evolution for Jailbreaking LLMs (2026.acl-long)
Copied to clipboard
| Challenge: | Existing methods lack the capability for continuous learning and self-evolution from interactions, limiting the diversity and adaptability of attack strategies. |
| Approach: | They propose an automated framework capable of discovering, retrieving, and evolving attack strategies. |
| Outcome: | The proposed framework outperforms existing baselines in a black-box setting. |
Defending Jailbreak Prompts via In-Context Adversarial Game (2024.emnlp-main)
Copied to clipboard
| Challenge: | Large Language Models (LLMs) demonstrate remarkable capabilities across diverse applications, but concerns regarding their security persist. |
| Approach: | They propose an adversarial game that leverages agent learning to extend knowledge to defend against jailbreaks. |
| Outcome: | The proposed game shows that LLMs safeguarded by ICAG exhibit significantly reduced jailbreak success rates across various attack scenarios. |
From Attack Surfaces to Actual Operations: A Survey of Modern LLM Jailbreaks (2026.findings-acl)
Copied to clipboard
| Challenge: | Existing taxonomies focus on manipulation methods rather than underlying mechanisms, limiting our understanding of attack effectiveness and defensive strategies. |
| Approach: | They propose a two-fold taxonomy to categorize attacks across three tiers based on exploited vulnerabilities and approaches and an operational taxonomies to evaluate attacks across four dimensions. |
| Outcome: | The proposed taxonomy categorizes attacks across three tiers based on exploited vulnerabilities and approaches and evaluates attacks on four dimensions to assess real-world feasibility and sustainability. |
Defensive Prompt Patch: A Robust and Generalizable Defense of Large Language Models against Jailbreak Attacks (2025.findings-acl)
Copied to clipboard
| Challenge: | Recent advances in large language models (LLMs) have showcased their ability to understand and generate text akin to human interaction. |
| Approach: | They propose a prompt-based defense mechanism specifically designed to protect LLMs against jailbreak attacks by introducing jailbreak prompts into malicious queries. |
| Outcome: | Empirical results show that the proposed defense outperforms existing defense strategies in balancing safety and utility while maintaining high utility. |