English

Jailbreaking Large Language Models with Symbolic Mathematics

Cryptography and Security 2024-11-06 v2 Artificial Intelligence Computation and Language Machine Learning

Abstract

Recent advancements in AI safety have led to increased efforts in training and red-teaming large language models (LLMs) to mitigate unsafe content generation. However, these safety mechanisms may not be comprehensive, leaving potential vulnerabilities unexplored. This paper introduces MathPrompt, a novel jailbreaking technique that exploits LLMs' advanced capabilities in symbolic mathematics to bypass their safety mechanisms. By encoding harmful natural language prompts into mathematical problems, we demonstrate a critical vulnerability in current AI safety measures. Our experiments across 13 state-of-the-art LLMs reveal an average attack success rate of 73.6\%, highlighting the inability of existing safety training mechanisms to generalize to mathematically encoded inputs. Analysis of embedding vectors shows a substantial semantic shift between original and encoded prompts, helping explain the attack's success. This work emphasizes the importance of a holistic approach to AI safety, calling for expanded red-teaming efforts to develop robust safeguards across all potential input types and their associated risks.

Keywords

Cite

@article{arxiv.2409.11445,
  title  = {Jailbreaking Large Language Models with Symbolic Mathematics},
  author = {Emet Bethany and Mazal Bethany and Juan Arturo Nolazco Flores and Sumit Kumar Jha and Peyman Najafirad},
  journal= {arXiv preprint arXiv:2409.11445},
  year   = {2024}
}
R2 v1 2026-06-28T18:48:13.126Z