English
Related papers

Related papers: Mitigating Many-shot Jailbreak Attacks with One Si…

200 papers

Many-shot jailbreaking (MSJ) is an adversarial technique that exploits the long context windows of modern LLMs to circumvent model safety training by including in the prompt many examples of a "fake" assistant responding inappropriately…

Machine Learning · Computer Science 2026-03-26 Christopher M. Ackerman , Nina Panickssery

Multi-turn jailbreaks exploit the ability of large language models to accumulate and act on conversational context. Instead of stating a harmful request directly, an attacker can gradually steer the conversation toward an unsafe answer.…

Cryptography and Security · Computer Science 2026-05-13 Xinkai Zhang , Zhipeng Wei , Huanli Gong , Jing Ting Zheng , Yuchen Zhang , Yue Dong , N. Benjamin Erichson

Many-shot jailbreaking circumvents the safety alignment of LLMs by exploiting their ability to process long input sequences. To achieve this, the malicious target prompt is prefixed with hundreds of fabricated conversational exchanges…

Computation and Language · Computer Science 2025-06-16 Avery Ma , Yangchen Pan , Amir-massoud Farahmand

Recent large language model (LLM) defenses have greatly improved models' ability to refuse harmful queries, even when adversarially attacked. However, LLM defenses are primarily evaluated against automated adversarial attacks in a single…

Machine Learning · Computer Science 2024-09-05 Nathaniel Li , Ziwen Han , Ian Steneker , Willow Primack , Riley Goodside , Hugh Zhang , Zifan Wang , Cristina Menghini , Summer Yue

Current jailbreaking work on large language models (LLMs) aims to elicit unsafe outputs from given prompts. However, it only focuses on single-turn jailbreaking targeting one specific query. On the contrary, the advanced LLMs are designed…

Computation and Language · Computer Science 2025-08-12 Xianjun Yang , Liqiang Xiao , Shiyang Li , Faisal Ladhak , Hyokun Yun , Linda Ruth Petzold , Yi Xu , William Yang Wang

With the rapid advancement of large language models (LLMs), the safety of LLMs has become a critical concern. Despite significant efforts in safety alignment, current LLMs remain vulnerable to jailbreaking attacks. However, the root causes…

Artificial Intelligence · Computer Science 2026-03-10 Yonghong Deng , Zhen Yang , Ping Jian , Xinyue Zhang , Zhongbin Guo , Chengzhi Li

Recent research has demonstrated that state-of-the-art LLMs and defenses remain susceptible to multi-turn jailbreak attacks. These attacks require only closed-box model access and are often easy to perform manually, posing a significant…

As deep learning advances, Large Language Models (LLMs) and their multimodal counterparts, Multimodal Large Language Models (MLLMs), have shown exceptional performance in many real-world tasks. However, MLLMs face significant security…

Cryptography and Security · Computer Science 2024-10-23 Fenghua Weng , Yue Xu , Chengyan Fu , Wenjie Wang

As diverse linguistic communities and users adopt large language models (LLMs), assessing their safety across languages becomes critical. Despite ongoing efforts to make LLMs safe, they can still be made to behave unsafely with…

Computation and Language · Computer Science 2024-08-09 Fabio Pernisi , Dirk Hovy , Paul Röttger

Conversational large language models are trained to refuse to answer harmful questions. However, emergent jailbreaking techniques can still elicit unsafe outputs, presenting an ongoing challenge for model alignment. To better understand how…

Computation and Language · Computer Science 2024-10-08 Sarah Ball , Frauke Kreuter , Nina Panickssery

LLMs are increasingly equipped with safety alignment mechanisms, yet recent studies demonstrate that they remain vulnerable to jailbreaking attacks that elicit harmful behaviors without explicit policy violations. While a growing body of…

Cryptography and Security · Computer Science 2026-05-05 Jindong Li , Ying Liu , Yali Fu , Jinjing Zhu , Leyao Wang , Menglin Yang , Rex Ying

Large Language Models (LLMs) are susceptible to jailbreak attacks that can induce them to generate harmful content. Previous jailbreak methods primarily exploited the internal properties or capabilities of LLMs, such as optimization-based…

Cryptography and Security · Computer Science 2025-05-22 Jiawei Zhao , Kejiang Chen , Weiming Zhang , Nenghai Yu

Large vision-language models (VLMs) often exhibit weakened safety alignment with the integration of the visual modality. Even when text prompts contain explicit harmful intent, adding an image can substantially increase jailbreak success…

Computer Vision and Pattern Recognition · Computer Science 2026-03-19 Zhihua Wei , Qiang Li , Jian Ruan , Zhenxin Qin , Leilei Wen , Dongrui Liu , Wen Shen

Jailbreak attacks, where harmful prompts bypass generative models' built-in safety, raise serious concerns about model vulnerability. While many defense methods have been proposed, the trade-offs between safety and helpfulness, and their…

Cryptography and Security · Computer Science 2025-02-21 Zhuohang Long , Siyuan Wang , Shujun Liu , Yuhang Lai , Xuanjing Huang , Zhongyu Wei

Multi-turn jailbreaks capture the real threat model for safety-aligned chatbots, where single-turn attacks are merely a special case. Yet existing approaches break under exploration complexity and intent drift. We propose SEMA, a simple yet…

Computation and Language · Computer Science 2026-02-09 Mingqian Feng , Xiaodong Liu , Weiwei Yang , Jialin Song , Xuekai Zhu , Chenliang Xu , Jianfeng Gao

Multi-turn jailbreak attacks simulate real-world human interactions by engaging large language models (LLMs) in iterative dialogues, exposing critical safety vulnerabilities. However, existing methods often struggle to balance semantic…

Computation and Language · Computer Science 2025-03-12 Zonghao Ying , Deyue Zhang , Zonglei Jing , Yisong Xiao , Quanchen Zou , Aishan Liu , Siyuan Liang , Xiangzheng Zhang , Xianglong Liu , Dacheng Tao

Safety and security remain critical concerns in AI deployment. Despite safety training through reinforcement learning with human feedback (RLHF) [ 32], language models remain vulnerable to jailbreak attacks that bypass safety guardrails.…

Cryptography and Security · Computer Science 2025-04-29 Julien Piet , Xiao Huang , Dennis Jacob , Annabella Chow , Maha Alrashed , Geng Zhao , Zhanhao Hu , Chawin Sitawarin , Basel Alomair , David Wagner

While defenses against single-turn jailbreak attacks on Large Language Models (LLMs) have improved significantly, multi-turn jailbreaks remain a persistent vulnerability, often achieving success rates exceeding 70% against models optimized…

Machine Learning · Computer Science 2025-08-12 Xiaoxue Yang , Jaeha Lee , Anna-Katharina Dick , Jasper Timm , Fei Xie , Diogo Cruz

Large Language Models (LLMs) have demonstrated exceptional capabilities across various natural language processing tasks. Due to their training on internet-sourced datasets, LLMs can sometimes generate objectionable content, necessitating…

Computation and Language · Computer Science 2024-11-15 Leyang Hu , Boran Wang

We present MultiBreak, a scalable and diverse multi-turn jailbreak benchmark to evaluate large language model (LLM) safety. Multi-turn jailbreaks mimic natural conversational settings, making them easier to bypass safety-aligned LLM than…

Computation and Language · Computer Science 2026-05-05 Jialin Song , Xiaodong Liu , Weiwei Yang , Wuyang Chen , Mingqian Feng , Xuekai Zhu , Jianfeng Gao
‹ Prev 1 2 3 10 Next ›