{"work":{"id":"f670dc77-bf11-46fc-af9d-b77215abd084","openalex_id":null,"doi":null,"arxiv_id":"2310.03684","raw_key":null,"title":"SmoothLLM: Defending Large Language Models Against Jailbreaking Attacks","authors":null,"authors_text":"Alexander Robey, Eric Wong, Hamed Hassani, George J. Pappas","year":2023,"venue":"cs.LG","abstract":"Despite efforts to align large language models (LLMs) with human intentions, widely-used LLMs such as GPT, Llama, and Claude are susceptible to jailbreaking attacks, wherein an adversary fools a targeted LLM into generating objectionable content. To address this vulnerability, we propose SmoothLLM, the first algorithm designed to mitigate jailbreaking attacks. Based on our finding that adversarially-generated prompts are brittle to character-level changes, our defense randomly perturbs multiple copies of a given input prompt, and then aggregates the corresponding predictions to detect adversarial inputs. Across a range of popular LLMs, SmoothLLM sets the state-of-the-art for robustness against the GCG, PAIR, RandomSearch, and AmpleGCG jailbreaks. SmoothLLM is also resistant against adaptive GCG attacks, exhibits a small, though non-negligible trade-off between robustness and nominal performance, and is compatible with any LLM. 
Our code is publicly available at https://github.com/arobey1/smooth-llm.","external_url":"https://arxiv.org/abs/2310.03684","cited_by_count":null,"metadata_source":"pith","metadata_fetched_at":"2026-05-24T04:03:53.799598+00:00","pith_arxiv_id":"2310.03684","created_at":"2026-05-10T00:29:47.013021+00:00","updated_at":"2026-06-05T21:23:00.469572+00:00","title_quality_ok":true,"display_title":"SmoothLLM: Defending Large Language Models Against Jailbreaking Attacks","render_title":"SmoothLLM: Defending Large Language Models Against Jailbreaking Attacks"},"hub":{"state":{"work_id":"f670dc77-bf11-46fc-af9d-b77215abd084","tier":"hub","tier_reason":"10+ Pith inbound or 1,000+ external citations","pith_inbound_count":34,"external_cited_by_count":null,"distinct_field_count":6,"first_pith_cited_at":"2023-10-12T15:38:28+00:00","last_pith_cited_at":"2026-05-20T16:27:00+00:00","author_build_status":"not_needed","summary_status":"needed","contexts_status":"needed","graph_status":"needed","ask_index_status":"not_needed","reader_status":"not_needed","recognition_status":"not_needed","updated_at":"2026-06-08T20:43:58.864148+00:00","tier_text":"hub"},"tier":"hub","role_counts":[{"context_role":"background","n":6},{"context_role":"baseline","n":4},{"context_role":"method","n":1}],"polarity_counts":[{"context_polarity":"background","n":6},{"context_polarity":"baseline","n":4},{"context_polarity":"unclear","n":1}],"runs":{},"summary":{},"graph":{},"authors":[]}}