Challenge: Despite advances in improving large language model (LLM) to refuse to answer malicious instructions, LLMs remain vulnerable to jailbreak attacks where attackers generate instructions with distributions differing from safety alignment corpora.
Approach: They propose a framework that leverages embedding space distribution analysis to generate jailbreak-like instructions.
Outcome: The proposed framework shows significant decreases in attack success rate on Qwen2.5, Llama3.1, and Llma3.2 without compromising their utility.

Similar Papers

Iterative Self-Tuning LLMs for Enhanced Jailbreaking Capabilities (2025.naacl-long)

Copied to clipboard

Challenge: Recent research shows that Large Language Models (LLMs) are vulnerable to automated jailbreak attacks.
Approach: They propose a framework that crafts adversarial LLMs with enhanced jailbreak ability.
Outcome: ADV-LLM significantly reduces the computational cost of generating adversarial suffixes while achieving nearly 100% ASR on various open-source LLMs.
Stand on The Shoulders of Giants: Building JailExpert from Previous Attack Experience (2025.emnlp-main)

Copied to clipboard

Challenge: Existing methods to generate human-aligned content with a “jailbreak prompt” are inefficient and repetitive, causing inefficiency and a lack of experience.
Approach: They propose a framework that integrates past attack experiences to aid current jailbreak attempts.
Outcome: The proposed framework improves both attack effectiveness and efficiency compared to the current black-box jailbreak method.
SafeInt: Shielding Large Language Models from Jailbreak Attacks via Safety-Aware Representation Intervention (2025.findings-emnlp)

Copied to clipboard

Challenge: Jailbreak attacks exploit vulnerabilities in large language models to induce undesirable behavior . existing defenses cannot dynamically adjust representations based on harmfulness of queries .
Approach: They propose a representation-aware representation method that shields LLMs from jailbreak attacks . SafeInt relocates jailbreak-related representations into the rejection region .
Outcome: The proposed method outperforms baseline defenses while maintaining utility . it relocates jailbreak-related representations into the rejection region .
Shaping the Safety Boundaries: Understanding and Defending Against Jailbreaks in Large Language Models (2025.acl-long)

Copied to clipboard

Challenge: Understanding how jailbreaking works remains limited, hindering the development of effective defense strategies.
Approach: They propose a new mechanism that adaptively constrains activations within the safety boundary and propose 'Activation Boundary Defense' to enhance its effectiveness.
Outcome: The proposed defense achieves an average Defense Success Rate (DSR) of over 98% against various jailbreak attacks, with less than 2% impact on the model’s general capabilities.
Why Not Act on What You Know? Unleashing Safety Potential of LLMs via Self-Aware Guard Enhancement (2025.findings-acl)

Copied to clipboard

Challenge: Large Language Models (LLMs) have demonstrated impressive capabilities across various tasks but are vulnerable to meticulously crafted jailbreak attacks.
Approach: They propose a training-free defense strategy to align LLMs’ strong safety discrimination performance with their relatively weaker safety generation ability.
Outcome: The proposed strategy achieves an average 99% success rate against numerous complex and covert jailbreak methods while maintaining helpfulness on general benchmarks.
SafeDecoding: Defending against Jailbreak Attacks via Safety-Aware Decoding (2024.acl-long)

Copied to clipboard

Challenge: Despite advances in large language models, they face substantial challenges in terms of safety.
Approach: They develop a safety-aware decoding strategy for large language models to defend against jailbreak attacks.
Outcome: The proposed strategy outperforms six defense methods against jailbreak attacks on five LLMs.
Intention Analysis Makes LLMs A Good Jailbreak Defender (2025.coling-main)

Copied to clipboard

Challenge: Existing methods to align large language models with human values overlook the intrinsic nature of jailbreaks, which limits their effectiveness in complex scenarios.
Approach: They propose a simple yet highly effective defense strategy, i.e., Intention Analysis (IA). They show that IA suppresses LLM’s tendency to follow jailbreak prompts, thereby enhancing safety.
Outcome: The proposed strategy reduces harmfulness of LLMs and outperforms GPT-3.5 in attack success rate.
Jailbreaks as Inference-Time Alignment: A Framework for Understanding Safety Failures in LLMs (2026.eacl-long)

Copied to clipboard

Challenge: Large language models are safety-aligned to prevent harmful response generation . prior work on jailbreak effectiveness has focused on analyzing success rate of jailbreaks .
Approach: They propose to frame jailbreaks as inference-time alignment and draw suboptimal bounds . they also propose a Safety-Net to measure how vulnerable an LLM is to jailbreak attacks .
Outcome: a new framework allows researchers to show how vulnerable an LLM is to jailbreaks . a Safety-Net measures how vulnerable the model is to attacks, the authors say .
A Comprehensive Study of Jailbreak Attack versus Defense for Large Language Models (2024.findings-acl)

Copied to clipboard

Challenge: Large Language Models (LLMs) have demonstrated capabilities for generating content that could be deemed harmful.
Approach: They conduct a comprehensive analysis of existing studies on jailbreaking LLMs and their defense techniques.
Outcome: The proposed techniques underperform existing white-box attacks and include special tokens significantly affects the likelihood of successful attacks.
SeqAR: Jailbreak LLMs with Sequential Auto-Generated Characters (2025.naacl-long)

Copied to clipboard

Challenge: Existing studies have focused on the potential misuse of large language models (LLMs) however, the ability to align LLMs with human values is still vulnerable to malicious attacks.
Approach: They propose a red-teaming strategy to enhance LLM safety by using a framework to design jailbreak prompts automatically.
Outcome: The proposed framework achieves attack success rates of 88% and 60% in cold-start scenarios.

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations