English

QueryAttack: Jailbreaking Aligned Large Language Models Using Structured Non-natural Query Language

Cryptography and Security 2025-05-27 v3 Artificial Intelligence Computation and Language

Abstract

Recent advances in large language models (LLMs) have demonstrated remarkable potential in the field of natural language processing. Unfortunately, LLMs face significant security and ethical risks. Although techniques such as safety alignment are developed for defense, prior researches reveal the possibility of bypassing such defenses through well-designed jailbreak attacks. In this paper, we propose QueryAttack, a novel framework to examine the generalizability of safety alignment. By treating LLMs as knowledge databases, we translate malicious queries in natural language into structured non-natural query language to bypass the safety alignment mechanisms of LLMs. We conduct extensive experiments on mainstream LLMs, and the results show that QueryAttack not only can achieve high attack success rates (ASRs), but also can jailbreak various defense methods. Furthermore, we tailor a defense method against QueryAttack, which can reduce ASR by up to 64%64\% on GPT-4-1106. Our code is available at https://github.com/horizonsinzqs/QueryAttack.

Keywords

Cite

@article{arxiv.2502.09723,
  title  = {QueryAttack: Jailbreaking Aligned Large Language Models Using Structured Non-natural Query Language},
  author = {Qingsong Zou and Jingyu Xiao and Qing Li and Zhi Yan and Yuhang Wang and Li Xu and Wenxuan Wang and Kuofeng Gao and Ruoyu Li and Yong Jiang},
  journal= {arXiv preprint arXiv:2502.09723},
  year   = {2025}
}

Comments

To appear in ACL 2025

R2 v1 2026-06-28T21:43:46.380Z