English

SmoothLLM: Defending Large Language Models Against Jailbreaking Attacks

Machine Learning 2024-06-17 v4 Artificial Intelligence Machine Learning

Abstract

Despite efforts to align large language models (LLMs) with human intentions, widely-used LLMs such as GPT, Llama, and Claude are susceptible to jailbreaking attacks, wherein an adversary fools a targeted LLM into generating objectionable content. To address this vulnerability, we propose SmoothLLM, the first algorithm designed to mitigate jailbreaking attacks. Based on our finding that adversarially-generated prompts are brittle to character-level changes, our defense randomly perturbs multiple copies of a given input prompt, and then aggregates the corresponding predictions to detect adversarial inputs. Across a range of popular LLMs, SmoothLLM sets the state-of-the-art for robustness against the GCG, PAIR, RandomSearch, and AmpleGCG jailbreaks. SmoothLLM is also resistant against adaptive GCG attacks, exhibits a small, though non-negligible trade-off between robustness and nominal performance, and is compatible with any LLM. Our code is publicly available at \url{https://github.com/arobey1/smooth-llm}.

Keywords

Cite

@article{arxiv.2310.03684,
  title  = {SmoothLLM: Defending Large Language Models Against Jailbreaking Attacks},
  author = {Alexander Robey and Eric Wong and Hamed Hassani and George J. Pappas},
  journal= {arXiv preprint arXiv:2310.03684},
  year   = {2024}
}
R2 v1 2026-06-28T12:41:45.688Z