Leveraging the Context through Multi-Round Interactions for Jailbreaking Attacks

Add code
Feb 14, 2024
Yixin Cheng, Markos Georgopoulos, Volkan Cevher, Grigorios G. Chrysos
Figure 1 for Leveraging the Context through Multi-Round Interactions for Jailbreaking Attacks
Figure 2 for Leveraging the Context through Multi-Round Interactions for Jailbreaking Attacks
Figure 3 for Leveraging the Context through Multi-Round Interactions for Jailbreaking Attacks
Figure 4 for Leveraging the Context through Multi-Round Interactions for Jailbreaking Attacks

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

Large Language Models (LLMs) are susceptible to Jailbreaking attacks, which aim to extract harmful information by subtly modifying the attack query. As defense mechanisms evolve, directly obtaining harmful information becomes increasingly challenging for Jailbreaking attacks. In this work, inspired by human practices of indirect context to elicit harmful information, we focus on a new attack form called Contextual Interaction Attack. The idea relies on the autoregressive nature of the generation process in LLMs. We contend that the prior context--the information preceding the attack query--plays a pivotal role in enabling potent Jailbreaking attacks. Specifically, we propose an approach that leverages preliminary question-answer pairs to interact with the LLM. By doing so, we guide the responses of the model toward revealing the 'desired' harmful information. We conduct experiments on four different LLMs and demonstrate the efficacy of this attack, which is black-box and can also transfer across LLMs. We believe this can lead to further developments and understanding of the context vector in LLMs.

* 29 pages  
View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon