English

Strategic Deflection: Defending LLMs from Logit Manipulation

Cryptography and Security 2025-07-31 v1 Artificial Intelligence Computation and Language

Abstract

With the growing adoption of Large Language Models (LLMs) in critical areas, ensuring their security against jailbreaking attacks is paramount. While traditional defenses primarily rely on refusing malicious prompts, recent logit-level attacks have demonstrated the ability to bypass these safeguards by directly manipulating the token-selection process during generation. We introduce Strategic Deflection (SDeflection), a defense that redefines the LLM's response to such advanced attacks. Instead of outright refusal, the model produces an answer that is semantically adjacent to the user's request yet strips away the harmful intent, thereby neutralizing the attacker's harmful intent. Our experiments demonstrate that SDeflection significantly lowers Attack Success Rate (ASR) while maintaining model performance on benign queries. This work presents a critical shift in defensive strategies, moving from simple refusal to strategic content redirection to neutralize advanced threats.

Keywords

Cite

@article{arxiv.2507.22160,
  title  = {Strategic Deflection: Defending LLMs from Logit Manipulation},
  author = {Yassine Rachidy and Jihad Rbaiti and Youssef Hmamouche and Faissal Sehbaoui and Amal El Fallah Seghrouchni},
  journal= {arXiv preprint arXiv:2507.22160},
  year   = {2025}
}

Comments

20 pages

R2 v1 2026-07-01T04:24:46.758Z