KDA: A Knowledge-Distilled Attacker for Generating Diverse Prompts to Jailbreak LLMs

Add code
Feb 05, 2025
Buyun Liang, Kwan Ho Ryan Chan, Darshan Thaker, Jinqi Luo, René Vidal
Figure 1 for KDA: A Knowledge-Distilled Attacker for Generating Diverse Prompts to Jailbreak LLMs
Figure 2 for KDA: A Knowledge-Distilled Attacker for Generating Diverse Prompts to Jailbreak LLMs
Figure 3 for KDA: A Knowledge-Distilled Attacker for Generating Diverse Prompts to Jailbreak LLMs
Figure 4 for KDA: A Knowledge-Distilled Attacker for Generating Diverse Prompts to Jailbreak LLMs

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

Jailbreak attacks exploit specific prompts to bypass LLM safeguards, causing the LLM to generate harmful, inappropriate, and misaligned content. Current jailbreaking methods rely heavily on carefully designed system prompts and numerous queries to achieve a single successful attack, which is costly and impractical for large-scale red-teaming. To address this challenge, we propose to distill the knowledge of an ensemble of SOTA attackers into a single open-source model, called Knowledge-Distilled Attacker (KDA), which is finetuned to automatically generate coherent and diverse attack prompts without the need for meticulous system prompt engineering. Compared to existing attackers, KDA achieves higher attack success rates and greater cost-time efficiency when targeting multiple SOTA open-source and commercial black-box LLMs. Furthermore, we conducted a quantitative diversity analysis of prompts generated by baseline methods and KDA, identifying diverse and ensemble attacks as key factors behind KDA's effectiveness and efficiency.

View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon