Challenge: Large Language Models (LLMs) are vulnerable to diverse jailbreak attacks despite extensive safety alignment .
Approach: They propose a method to rectify dynamic jailbreak paths towards safety anchors by dynamically mining on-policy adversarial samples to expose vulnerabilities and identify jailbreak path.
Outcome: The proposed model significantly improves jailbreak resistance against dynamic attacks while maintaining its utility.

Similar Papers

Shaping the Safety Boundaries: Understanding and Defending Against Jailbreaks in Large Language Models (2025.acl-long)

Copied to clipboard

Challenge: Understanding how jailbreaking works remains limited, hindering the development of effective defense strategies.
Approach: They propose a new mechanism that adaptively constrains activations within the safety boundary and propose 'Activation Boundary Defense' to enhance its effectiveness.
Outcome: The proposed defense achieves an average Defense Success Rate (DSR) of over 98% against various jailbreak attacks, with less than 2% impact on the model’s general capabilities.
CAVGAN: Unifying Jailbreak and Defense of LLMs via Generative Adversarial Attacks on their Internal Representations (2025.findings-acl)

Copied to clipboard

Challenge: Existing studies have isolated LLM jailbreak attacks and defenses . a new framework combines attack and defense to protect against malicious queries .
Approach: They propose a framework that combines attack and defense to protect the Large Language Model (LLM) by embedding harmful problems into the safe area.
Outcome: The proposed framework achieves an average jailbreak success rate of 88.85% across three popular LLMs while the defense success rate reaches an average of 84.17%.
Rewrite to Jailbreak: Discover Learnable and Transferable Implicit Harmfulness Instruction (2025.findings-acl)

Copied to clipboard

Challenge: Existing jailbreak methods create a forced instruction-following scenario, or search adversarial prompts with prefix or suffix tokens to achieve a specific representation manually or automatically.
Approach: They propose a method that rewrites the original instruction to achieve a jailbreak . they propose rewriting the original instructions to improve the attack strategy .
Outcome: The proposed method is more efficient and easier to identify since no additional features are introduced.
Stand on The Shoulders of Giants: Building JailExpert from Previous Attack Experience (2025.emnlp-main)

Copied to clipboard

Challenge: Existing methods to generate human-aligned content with a “jailbreak prompt” are inefficient and repetitive, causing inefficiency and a lack of experience.
Approach: They propose a framework that integrates past attack experiences to aid current jailbreak attempts.
Outcome: The proposed framework improves both attack effectiveness and efficiency compared to the current black-box jailbreak method.
AutoBreach: Universal and Adaptive Jailbreaking with Efficient Wordplay-Guided Optimization via Multi-LLMs (2025.findings-naacl)

Copied to clipboard

Challenge: Existing jailbreak research exhibits limitations in universality, validity, and efficiency . Existing methods for jailbreaking LLMs have limited validity and effectiveness .
Approach: They propose a black-box approach that uses wordplay-guided mapping rule sampling to create universal adversarial prompts.
Outcome: The proposed method efficiently identifies security vulnerabilities across various LLMs, achieving an average success rate of over 80% with fewer than 10 queries.
JailbreakRadar: Comprehensive Assessment of Jailbreak Attacks Against LLMs (2025.acl-long)

Copied to clipboard

Challenge: Large language models (LLMs) have been used to mitigate misuse and to align with human values.
Approach: They propose to use large-scale evaluations of various jailbreak attacks to identify key patterns and test them under eight advanced defenses.
Outcome: The proposed attacks achieve high success rates but are easy to mitigate by defenses.
Tricking LLMs into Disobedience: Formalizing, Analyzing, and Detecting Jailbreaks (2024.lrec-main)

Copied to clipboard

Challenge: Existing methods to jailbreak large language models have been poorly studied . a recent study showed that non-expert users can jailbreak LLMs by manipulating their prompts .
Approach: They propose a formalism and a taxonomy of known (and possible) jailbreaks . they propose generating a dataset of model outputs across 3700 jailbreak prompts a 'prompt' attack is a new attack popularly categorized as "prompting injection attacks"
Outcome: The proposed model exploits 3700 jailbreak prompts over 4 tasks to analyze their effectiveness . authors show that the model can learn to perform a new task on unseen examples .
Iterative Self-Tuning LLMs for Enhanced Jailbreaking Capabilities (2025.naacl-long)

Copied to clipboard

Challenge: Recent research shows that Large Language Models (LLMs) are vulnerable to automated jailbreak attacks.
Approach: They propose a framework that crafts adversarial LLMs with enhanced jailbreak ability.
Outcome: ADV-LLM significantly reduces the computational cost of generating adversarial suffixes while achieving nearly 100% ASR on various open-source LLMs.
Forget the Unneeded: Backdooring Large Language Models via Contrastive-enhanced Machine Unlearning (2025.findings-emnlp)

Copied to clipboard

Challenge: Existing methods for prompt tuning for Large Language Models find backdoor attacks to be significant in data-rich scenarios.
Approach: They propose a backdoor attacks through contrastive-enhanced machine unlearning in data-limited scenarios . they use a machine un learning method to capture precise backdoor patterns .
Outcome: The proposed method captures precise backdoor patterns without association between triggers and backdoors, reducing side effects.
Understanding Jailbreak Success: A Study of Latent Space Dynamics in Large Language Models (2026.eacl-long)

Copied to clipboard

Challenge: Emerging jailbreaking techniques can still elicit unsafe outputs, presenting an ongoing challenge for model alignment.
Approach: They propose to extract a jailbreak vector from a single class of jailbreaks that works to mitigate jailbreak effectiveness from other, semantically-dissimilar classes.
Outcome: The proposed jailbreak vectors show that they reduce harmfulness in most models, and that they are similar in geometric and effect similarity.

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations