Tricking LLMs into Disobedience: Formalizing, Analyzing, and Detecting Jailbreaks

Authors

Abhinav Rao, Carnegie Mellon University
Sachin Vashistha, Indian Institute of Technology Kharagpur
Atharva Naik, Carnegie Mellon University
Somak Aditya, Indian Institute of Technology Kharagpur
Monojit Choudhury, Mohamed Bin Zayed University of Artificial IntelligenceFollow

Document Type

Conference Proceeding

Publication Title

2024 Joint International Conference on Computational Linguistics, Language Resources and Evaluation, LREC-COLING 2024 - Main Conference Proceedings

Abstract

Recent explorations with commercial Large Language Models (LLMs) have shown that non-expert users can jailbreak LLMs by simply manipulating their prompts; resulting in degenerate output behavior, privacy and security breaches, offensive outputs, and violations of content regulator policies. Limited studies have been conducted to formalize and analyze these attacks and their mitigations. We bridge this gap by proposing a formalism and a taxonomy of known (and possible) jailbreaks. We survey existing jailbreak methods and their effectiveness on open-source and commercial LLMs (such as GPT-based models, OPT, BLOOM, and FLAN-T5-XXL). We further discuss the challenges of jailbreak detection in terms of their effectiveness against known attacks. For further analysis, we release a dataset of model outputs across 3700 jailbreak prompts over 4 tasks.

First Page

16802

Last Page

16830

Publication Date

1-1-2024

Recommended Citation

A. Rao et al., "Tricking LLMs into Disobedience: Formalizing, Analyzing, and Detecting Jailbreaks," 2024 Joint International Conference on Computational Linguistics, Language Resources and Evaluation, LREC-COLING 2024 - Main Conference Proceedings, pp. 16802 - 16830, Jan 2024.