Pith Number

pith:K2QZLT2R

pith:2023:K2QZLT2REVSUB3AKRWQNHHV3QG
not attested · not anchored · not stored · refs resolved

SmoothLLM: Defending Large Language Models Against Jailbreaking Attacks

Alexander Robey, Eric Wong, George J. Pappas, Hamed Hassani

SmoothLLM defends large language models against jailbreaking by perturbing input prompts at the character level and aggregating multiple responses.

arxiv:2310.03684 v4 · 2023-10-05 · cs.LG · cs.AI · stat.ML

Add to your LaTeX paper
\usepackage{pith}
\pithnumber{K2QZLT2REVSUB3AKRWQNHHV3QG}

Prints a linked badge after your title and injects PDF metadata. Compiles on arXiv.

Record completeness

1 Bitcoin timestamp
2 Internet Archive
3 Author claim open
4 Citations open
5 Replications open
Portable graph bundle: live
The bundle contains the canonical record plus signed events. A mirror can host it anywhere and recompute the same current state with the deterministic merge algorithm.

Claims

C1 · strongest claim

Across a range of popular LLMs, SmoothLLM sets the state-of-the-art for robustness against the GCG, PAIR, RandomSearch, and AmpleGCG jailbreaks.

C2 · weakest assumption

Adversarially generated prompts are brittle to character-level changes, which is the core empirical finding used to justify random perturbation and aggregation.

C3 · one-line summary

SmoothLLM mitigates jailbreaking attacks on LLMs by randomly perturbing multiple copies of a prompt at the character level and aggregating the outputs to detect adversarial inputs.

References

91 extracted · 91 resolved · 23 Pith anchors


Formal links

2 machine-checked theorem links

Cited by

36 papers in Pith

Receipt and verification
First computed: 2026-05-17T23:39:22.348164Z
Builder: pith-number-builder-2026-05-17-v1
Signature: Pith Ed25519 (pith-v1-2026-05)
Schema: pith-number/v1.0

Canonical hash

56a195cf51256540ec0a8da0d39ebb81ab9c96f184cadfe0760f34be92bd8147

Aliases

arxiv: 2310.03684 · arxiv_version: 2310.03684v4 · doi: 10.48550/arxiv.2310.03684 · pith_short_12: K2QZLT2REVSU · pith_short_16: K2QZLT2REVSUB3AK · pith_short_8: K2QZLT2R
Agent API
Verify this Pith Number yourself
curl -sH 'Accept: application/ld+json' https://pith.science/pith/K2QZLT2REVSUB3AKRWQNHHV3QG \
  | jq -c '.canonical_record' \
  | python3 -c "import sys,json,hashlib; b=json.dumps(json.loads(sys.stdin.read()), sort_keys=True, separators=(',',':'), ensure_ascii=False).encode(); print(hashlib.sha256(b).hexdigest())"
# expect: 56a195cf51256540ec0a8da0d39ebb81ab9c96f184cadfe0760f34be92bd8147
Canonical record JSON
{
  "metadata": {
    "abstract_canon_sha256": "ae3f73f4124184aa1324e4578cd1c2228d3f9a62f7c6ffbe48b6caee68cb70d8",
    "cross_cats_sorted": [
      "cs.AI",
      "stat.ML"
    ],
    "license": "http://arxiv.org/licenses/nonexclusive-distrib/1.0/",
    "primary_cat": "cs.LG",
    "submitted_at": "2023-10-05T17:01:53Z",
    "title_canon_sha256": "89fc6da0f5aff8ded674be064675018faded353b0b657723c5963c1f63e1f125"
  },
  "schema_version": "1.0",
  "source": {
    "id": "2310.03684",
    "kind": "arxiv",
    "version": 4
  }
}