Challenge: Existing methods focus on surface-level patterns, overlooking the deeper attack essences.
Approach: They propose an Essence-Driven Defense Framework Against Jailbreak Attacks in Aligned Large Language Models that extracts the "attack essence" from a diverse set of known attack instances and stores it in an offline vector database.
Outcome: The proposed framework outperforms existing methods by reducing the Attack Success Rate by at least 20%, underscoring its superior robustness against jailbreak attacks.

Similar Papers

CAVGAN: Unifying Jailbreak and Defense of LLMs via Generative Adversarial Attacks on their Internal Representations (2025.findings-acl)

Copied to clipboard

Challenge: Existing studies have isolated LLM jailbreak attacks and defenses . a new framework combines attack and defense to protect against malicious queries .
Approach: They propose a framework that combines attack and defense to protect the Large Language Model (LLM) by embedding harmful problems into the safe area.
Outcome: The proposed framework achieves an average jailbreak success rate of 88.85% across three popular LLMs while the defense success rate reaches an average of 84.17%.
Iterative Self-Tuning LLMs for Enhanced Jailbreaking Capabilities (2025.naacl-long)

Copied to clipboard

Challenge: Recent research shows that Large Language Models (LLMs) are vulnerable to automated jailbreak attacks.
Approach: They propose a framework that crafts adversarial LLMs with enhanced jailbreak ability.
Outcome: ADV-LLM significantly reduces the computational cost of generating adversarial suffixes while achieving nearly 100% ASR on various open-source LLMs.
Exploring Jailbreak Attacks on LLMs through Intent Concealment and Diversion (2025.findings-acl)

Copied to clipboard

Challenge: Existing jailbreak methods face an excessive number of iterative queries and poor generalization across models.
Approach: They propose a jailbreak method that employs **I**ntent **C**oncealment and div**E**rsion to circumvent security constraints.
Outcome: The proposed method outperforms existing jailbreak techniques in question-answering and text-generation tasks.
Shaping the Safety Boundaries: Understanding and Defending Against Jailbreaks in Large Language Models (2025.acl-long)

Copied to clipboard

Challenge: Understanding how jailbreaking works remains limited, hindering the development of effective defense strategies.
Approach: They propose a new mechanism that adaptively constrains activations within the safety boundary and propose 'Activation Boundary Defense' to enhance its effectiveness.
Outcome: The proposed defense achieves an average Defense Success Rate (DSR) of over 98% against various jailbreak attacks, with less than 2% impact on the model’s general capabilities.
AGD: Adversarial Game Defense Against Jailbreak Attacks in Large Language Models (2025.acl-long)

Copied to clipboard

Challenge: Existing defenses, including post-training alignment and prompt engineering, struggle with adaptability to out-of-distribution (OOD) attacks.
Approach: They propose an adversarial game-based defense method that dynamically adjusts LLMs’ internal representations to achieve a balanced trade-off between helpfulness and harmlessness.
Outcome: The proposed method improves LLMs’ safety over all baselines.
Beyond Surface-Level Detection: Towards Cognitive-Driven Defense Against Jailbreak Attacks via Meta-Operations Reasoning (2026.acl-long)

Copied to clipboard

Challenge: Existing defenses rely on shallow pattern matching, which struggles to generalize to novel and unseen attack strategies.
Approach: They propose a framework which emulates human cognitive reasoning through a structured reasoning chain.
Outcome: The proposed framework achieves state-of-the-art performance and exhibits strong generalization to unseen attacks.
ASTRA: An Automated Framework for Strategy Discovery, Retrieval, and Evolution for Jailbreaking LLMs (2026.acl-long)

Copied to clipboard

Challenge: Existing methods lack the capability for continuous learning and self-evolution from interactions, limiting the diversity and adaptability of attack strategies.
Approach: They propose an automated framework capable of discovering, retrieving, and evolving attack strategies.
Outcome: The proposed framework outperforms existing baselines in a black-box setting.
Defending Jailbreak Prompts via In-Context Adversarial Game (2024.emnlp-main)

Copied to clipboard

Challenge: Large Language Models (LLMs) demonstrate remarkable capabilities across diverse applications, but concerns regarding their security persist.
Approach: They propose an adversarial game that leverages agent learning to extend knowledge to defend against jailbreaks.
Outcome: The proposed game shows that LLMs safeguarded by ICAG exhibit significantly reduced jailbreak success rates across various attack scenarios.
From Attack Surfaces to Actual Operations: A Survey of Modern LLM Jailbreaks (2026.findings-acl)

Copied to clipboard

Challenge: Existing taxonomies focus on manipulation methods rather than underlying mechanisms, limiting our understanding of attack effectiveness and defensive strategies.
Approach: They propose a two-fold taxonomy to categorize attacks across three tiers based on exploited vulnerabilities and approaches and an operational taxonomies to evaluate attacks across four dimensions.
Outcome: The proposed taxonomy categorizes attacks across three tiers based on exploited vulnerabilities and approaches and evaluates attacks on four dimensions to assess real-world feasibility and sustainability.
Defensive Prompt Patch: A Robust and Generalizable Defense of Large Language Models against Jailbreak Attacks (2025.findings-acl)

Copied to clipboard

Challenge: Recent advances in large language models (LLMs) have showcased their ability to understand and generate text akin to human interaction.
Approach: They propose a prompt-based defense mechanism specifically designed to protect LLMs against jailbreak attacks by introducing jailbreak prompts into malicious queries.
Outcome: Empirical results show that the proposed defense outperforms existing defense strategies in balancing safety and utility while maintaining high utility.

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations