GPT-4V has attracted considerable attention due to its extraordinary capacity for integrating and processing multimodal information. At the same time, its ability of face recognition raises new safety concerns of privacy leakage. Despite researchers' efforts in safety alignment through RLHF or preprocessing filters, vulnerabilities might still be exploited. In our study, we introduce AutoJailbreak, an innovative automatic jailbreak technique inspired by prompt optimization. We leverage Large Language Models (LLMs) for red-teaming to refine the jailbreak prompt and employ weak-to-strong in-context learning prompts to boost efficiency. Furthermore, we present an effective search method that incorporates early stopping to minimize optimization time and token expenditure. Our experiments demonstrate that AutoJailbreak significantly surpasses conventional methods, achieving an Attack Success Rate (ASR) exceeding 95.3\%. This research sheds light on strengthening GPT-4V security, underscoring the potential for LLMs to be exploited in compromising GPT-4V integrity.
@article{arxiv.2407.16686,
title = {Can Large Language Models Automatically Jailbreak GPT-4V?},
author = {Yuanwei Wu and Yue Huang and Yixin Liu and Xiang Li and Pan Zhou and Lichao Sun},
journal= {arXiv preprint arXiv:2407.16686},
year = {2024}
}
Comments
TrustNLP@NAACL2024 (Fourth Workshop on Trustworthy Natural Language Processing)