{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2024:TLBEXMBVYZFHWSH6CJPCA3GR4S","short_pith_number":"pith:TLBEXMBV","schema_version":"1.0","canonical_sha256":"9ac24bb035c64a7b48fe125e206cd1e4935cf16c4f5a848519abd91eef863914","source":{"kind":"arxiv","id":"2404.01833","version":3},"attestation_state":"computed","paper":{"title":"Great, Now Write an Article About That: The Crescendo Multi-Turn LLM Jailbreak Attack","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":["cs.AI"],"primary_cat":"cs.CR","authors_text":"Ahmed Salem, Mark Russinovich, Ronen Eldan","submitted_at":"2024-04-02T10:45:49Z","abstract_excerpt":"Large Language Models (LLMs) have risen significantly in popularity and are increasingly being adopted across multiple applications. These LLMs are heavily aligned to resist engaging in illegal or unethical topics as a means to avoid contributing to responsible AI harms. However, a recent line of attacks, known as jailbreaks, seek to overcome this alignment. Intuitively, jailbreak attacks aim to narrow the gap between what the model can do and what it is willing to do. In this paper, we introduce a novel jailbreak attack called Crescendo. Unlike existing jailbreak methods, Crescendo is a simpl"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"2404.01833","kind":"arxiv","version":3},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2024-04-02T10:45:49Z","cross_cats_sorted":["cs.AI"],"title_canon_sha256":"1081739cdb0f7ccdb3d22ff8cf31463cddc55bd191c4460c503ab723364727dd","abstract_canon_sha256":"d284abae5520176be04909731c9dfbff796410df4a310a816651b9cb945ce232"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T02:08:13.208108Z","signature_b64":"Z/oYZL1S5nm5ibGKdq2T2hn2ZNxDFj9GQpy2H3Q2PefXRuDBne+ZCiH13okpPSFxUfV5CNd8ftcWsC6VlM+eAQ==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"9ac24bb035c64a7b48fe125e206cd1e4935cf16c4f5a848519abd91eef863914","last_reissued_at":"2026-05-18T02:08:13.207191Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T02:08:13.207191Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"Great, Now Write an Article About That: The Crescendo Multi-Turn LLM Jailbreak Attack","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":["cs.AI"],"primary_cat":"cs.CR","authors_text":"Ahmed Salem, Mark Russinovich, Ronen Eldan","submitted_at":"2024-04-02T10:45:49Z","abstract_excerpt":"Large Language Models (LLMs) have risen significantly in popularity and are increasingly being adopted across multiple applications. These LLMs are heavily aligned to resist engaging in illegal or unethical topics as a means to avoid contributing to responsible AI harms. However, a recent line of attacks, known as jailbreaks, seek to overcome this alignment. Intuitively, jailbreak attacks aim to narrow the gap between what the model can do and what it is willing to do. In this paper, we introduce a novel jailbreak attack called Crescendo. Unlike existing jailbreak methods, Crescendo is a simpl"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2404.01833","kind":"arxiv","version":3},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2404.01833","created_at":"2026-05-18T02:08:13.207338+00:00"},{"alias_kind":"arxiv_version","alias_value":"2404.01833v3","created_at":"2026-05-18T02:08:13.207338+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2404.01833","created_at":"2026-05-18T02:08:13.207338+00:00"},{"alias_kind":"pith_short_12","alias_value":"TLBEXMBVYZFH","created_at":"2026-05-18T12:33:37.589309+00:00"},{"alias_kind":"pith_short_16","alias_value":"TLBEXMBVYZFHWSH6","created_at":"2026-05-18T12:33:37.589309+00:00"},{"alias_kind":"pith_short_8","alias_value":"TLBEXMBV","created_at":"2026-05-18T12:33:37.589309+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":19,"internal_anchor_count":19,"sample":[{"citing_arxiv_id":"2509.05367","citing_title":"Between a Rock and a Hard Place: The Tension Between Ethical Reasoning and Safety Alignment in LLMs","ref_index":6,"is_internal_anchor":true},{"citing_arxiv_id":"2509.10546","citing_title":"Learning to Conceal Risk: Controllable Multi-turn Red Teaming for LLMs in the Financial Domain","ref_index":33,"is_internal_anchor":true},{"citing_arxiv_id":"2511.02356","citing_title":"ASTRA: An Automated Framework for Strategy Discovery, Retrieval, and Evolution for Jailbreaking LLMs","ref_index":40,"is_internal_anchor":true},{"citing_arxiv_id":"2512.10100","citing_title":"Robust AI Security and Alignment: A Sisyphean Endeavor?","ref_index":7,"is_internal_anchor":true},{"citing_arxiv_id":"2512.12069","citing_title":"Rethinking Jailbreak Detection of Large Vision Language Models with Representational Contrastive Scoring","ref_index":14,"is_internal_anchor":true},{"citing_arxiv_id":"2512.22753","citing_title":"From Rookie to Expert: Manipulating LLMs for Automated Vulnerability Exploitation in Enterprise Software","ref_index":26,"is_internal_anchor":true},{"citing_arxiv_id":"2411.04468","citing_title":"Magentic-One: A Generalist Multi-Agent System for Solving Complex Tasks","ref_index":44,"is_internal_anchor":true},{"citing_arxiv_id":"2603.21354","citing_title":"The Workload-Router-Pool Architecture for LLM Inference Optimization: A Vision Paper from the vLLM Semantic Router Project","ref_index":70,"is_internal_anchor":true},{"citing_arxiv_id":"2605.14418","citing_title":"The Great Pretender: A Stochasticity Problem in LLM Jailbreak","ref_index":5,"is_internal_anchor":true},{"citing_arxiv_id":"2604.02652","citing_title":"Generalization Limits of Reinforcement Learning Alignment","ref_index":8,"is_internal_anchor":true},{"citing_arxiv_id":"2604.04060","citing_title":"CoopGuard: Stateful Cooperative Agents Safeguarding LLMs Against Evolving Multi-Round Attacks","ref_index":24,"is_internal_anchor":true},{"citing_arxiv_id":"2604.27861","citing_title":"TwinGate: Stateful Defense against Decompositional Jailbreaks in Untraceable Traffic via Asymmetric Contrastive Learning","ref_index":19,"is_internal_anchor":true},{"citing_arxiv_id":"2605.09225","citing_title":"The Art of the Jailbreak: Formulating Jailbreak Attacks for LLM Security Beyond Binary Scoring","ref_index":23,"is_internal_anchor":true},{"citing_arxiv_id":"2605.04019","citing_title":"Redefining AI Red Teaming in the Agentic Era: From Weeks to Hours","ref_index":15,"is_internal_anchor":true},{"citing_arxiv_id":"2604.21131","citing_title":"Cross-Session Threats in AI Agents: Benchmark, Evaluation, and Algorithms","ref_index":10,"is_internal_anchor":true},{"citing_arxiv_id":"2604.11309","citing_title":"The Salami Slicing Threat: Exploiting Cumulative Risks in LLM Systems","ref_index":9,"is_internal_anchor":true},{"citing_arxiv_id":"2604.07727","citing_title":"TrajGuard: Streaming Hidden-state Trajectory Detection for Decoding-time Jailbreak Defense","ref_index":28,"is_internal_anchor":true},{"citing_arxiv_id":"2604.04759","citing_title":"Your Agent, Their Asset: A Real-World Safety Analysis of OpenClaw","ref_index":13,"is_internal_anchor":true},{"citing_arxiv_id":"2605.02647","citing_title":"ContextualJailbreak: Evolutionary Red-Teaming via Simulated Conversational Priming","ref_index":25,"is_internal_anchor":true}]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/TLBEXMBVYZFHWSH6CJPCA3GR4S","json":"https://pith.science/pith/TLBEXMBVYZFHWSH6CJPCA3GR4S.json","graph_json":"https://pith.science/api/pith-number/TLBEXMBVYZFHWSH6CJPCA3GR4S/graph.json","events_json":"https://pith.science/api/pith-number/TLBEXMBVYZFHWSH6CJPCA3GR4S/events.json","paper":"https://pith.science/paper/TLBEXMBV"},"agent_actions":{"view_html":"https://pith.science/pith/TLBEXMBVYZFHWSH6CJPCA3GR4S","download_json":"https://pith.science/pith/TLBEXMBVYZFHWSH6CJPCA3GR4S.json","view_paper":"https://pith.science/paper/TLBEXMBV","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2404.01833&json=true","fetch_graph":"https://pith.science/api/pith-number/TLBEXMBVYZFHWSH6CJPCA3GR4S/graph.json","fetch_events":"https://pith.science/api/pith-number/TLBEXMBVYZFHWSH6CJPCA3GR4S/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/TLBEXMBVYZFHWSH6CJPCA3GR4S/action/timestamp_anchor","attest_storage":"https://pith.science/pith/TLBEXMBVYZFHWSH6CJPCA3GR4S/action/storage_attestation","attest_author":"https://pith.science/pith/TLBEXMBVYZFHWSH6CJPCA3GR4S/action/author_attestation","sign_citation":"https://pith.science/pith/TLBEXMBVYZFHWSH6CJPCA3GR4S/action/citation_signature","submit_replication":"https://pith.science/pith/TLBEXMBVYZFHWSH6CJPCA3GR4S/action/replication_record"}},"created_at":"2026-05-18T02:08:13.207338+00:00","updated_at":"2026-05-18T02:08:13.207338+00:00"}