Pith

open record

sign in

arxiv: 2505.21277 · v2 · pith:3UQBIR65 · submitted 2025-05-27 · cs.CR · cs.AI· cs.CL

Breaking the Ceiling: Exploring the Potential of Jailbreak Attacks through Expanding Strategy Space

Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 reserved pith:3UQBIR65record.jsonopen to challenge →

classification cs.CR cs.AIcs.CL
keywords jailbreakexpandingspacestrategyattacksmodelsbettercapabilities
0
0 comments X
read the original abstract

Large Language Models (LLMs), despite advanced general capabilities, still suffer from numerous safety risks, especially jailbreak attacks that bypass safety protocols. Understanding these vulnerabilities through black-box jailbreak attacks, which better reflect real-world scenarios, offers critical insights into model robustness. While existing methods have shown improvements through various prompt engineering techniques, their success remains limited against safety-aligned models, overlooking a more fundamental problem: the effectiveness is inherently bounded by the predefined strategy spaces. However, expanding this space presents significant challenges in both systematically capturing essential attack patterns and efficiently navigating the increased complexity. To better explore the potential of expanding the strategy space, we address these challenges through a novel framework that decomposes jailbreak strategies into essential components based on the Elaboration Likelihood Model (ELM) theory and develops genetic-based optimization with intention evaluation mechanisms. To be striking, our experiments reveal unprecedented jailbreak capabilities by expanding the strategy space: we achieve over 90% success rate on Claude-3.5 where prior methods completely fail, while demonstrating strong cross-model transferability and surpassing specialized safeguard models in evaluation accuracy. The code is open-sourced at: https://github.com/Aries-iai/CL-GSO.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.