Pith Number

pith:HVCG4CD3

pith:2023:HVCG4CD3HCUZZSWBBEQJSTTNJI
not attested · not anchored · not stored · refs resolved

Detecting Language Model Attacks with Perplexity

Gabriel Alon, Michael Kamfonas

Adversarial jailbreak suffixes produce high perplexity under GPT-2, allowing a classifier on perplexity and length to catch most attacks.

arxiv:2308.14132 v3 · 2023-08-27 · cs.CL · cs.AI · cs.CR · cs.LG

Add to your LaTeX paper
\usepackage{pith}
\pithnumber{HVCG4CD3HCUZZSWBBEQJSTTNJI}

Prints a linked badge after your title and injects PDF metadata. Compiles on arXiv.

Record completeness

1 Bitcoin timestamp
2 Internet Archive
3 Author claim open
4 Citations open
5 Replications open
Portable graph bundle live · download bundle · merged state
The bundle contains the canonical record plus signed events. A mirror can host it anywhere and recompute the same current state with the deterministic merge algorithm.

Claims

C1 · strongest claim

By evaluating the perplexity of queries with adversarial suffixes using an open-source LLM (GPT-2), we found that they have exceedingly high perplexity values. [...] A Light-GBM trained on perplexity and token length resolved the false positives and correctly detected most adversarial attacks in the test set.

C2 · weakest assumption

That the distribution of regular (non-adversarial) prompts used to measure false positives is representative of real-world usage and that future attackers will not adapt suffixes to also produce low perplexity under GPT-2.

C3 · one line summary

Jailbreak prompts with adversarial suffixes have high GPT-2 perplexity, and a LightGBM model on perplexity and length detects most attacks.

References

83 extracted · 83 resolved · 4 Pith anchors

Formal links

2 machine-checked theorem links

Cited by

36 papers in Pith

Receipt and verification
First computed 2026-05-17T23:38:52.384790Z
Builder pith-number-builder-2026-05-17-v1
Signature Pith Ed25519 (pith-v1-2026-05) · public key
Schema pith-number/v1.0

Canonical hash

3d446e087b38a99ccac10920994e6d4a1c6dbdc4f1862e05219bdd4860492e3b

Aliases

arxiv: 2308.14132 · arxiv_version: 2308.14132v3 · doi: 10.48550/arxiv.2308.14132 · pith_short_12: HVCG4CD3HCUZ · pith_short_16: HVCG4CD3HCUZZSWB · pith_short_8: HVCG4CD3
Agent API
Verify this Pith Number yourself
curl -sH 'Accept: application/ld+json' https://pith.science/pith/HVCG4CD3HCUZZSWBBEQJSTTNJI \
  | jq -c '.canonical_record' \
  | python3 -c "import sys,json,hashlib; b=json.dumps(json.loads(sys.stdin.read()), sort_keys=True, separators=(',',':'), ensure_ascii=False).encode(); print(hashlib.sha256(b).hexdigest())"
# expect: 3d446e087b38a99ccac10920994e6d4a1c6dbdc4f1862e05219bdd4860492e3b
Canonical record JSON
{
  "metadata": {
    "abstract_canon_sha256": "ec4a9746d99896900950ab9f3086052ada3108e7580cbd70a19fafc096b18af1",
    "cross_cats_sorted": [
      "cs.AI",
      "cs.CR",
      "cs.LG"
    ],
    "license": "http://creativecommons.org/licenses/by-nc-sa/4.0/",
    "primary_cat": "cs.CL",
    "submitted_at": "2023-08-27T15:20:06Z",
    "title_canon_sha256": "f4426ad31296763e835ab54ae2f81682dc2297e18b9ace3e38a91745fb9b4ca0"
  },
  "schema_version": "1.0",
  "source": {
    "id": "2308.14132",
    "kind": "arxiv",
    "version": 3
  }
}