The reviewed record of science sign in
Pith

arxiv: 2412.15623 · v1 · pith:GGPJ3P3B · submitted 2024-12-20 · cs.CR · cs.AI

JailPO: A Novel Black-box Jailbreak Framework via Preference Optimization against Aligned LLMs

Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 kernel pith:GGPJ3P3Brecord.jsonopen to challenge →

classification cs.CR cs.AI
keywords jailbreakjailpoattackattacksefficiencyllmsuniversalityaligned
0
0 comments X
read the original abstract

Large Language Models (LLMs) aligned with human feedback have recently garnered significant attention. However, it remains vulnerable to jailbreak attacks, where adversaries manipulate prompts to induce harmful outputs. Exploring jailbreak attacks enables us to investigate the vulnerabilities of LLMs and further guides us in enhancing their security. Unfortunately, existing techniques mainly rely on handcrafted templates or generated-based optimization, posing challenges in scalability, efficiency and universality. To address these issues, we present JailPO, a novel black-box jailbreak framework to examine LLM alignment. For scalability and universality, JailPO meticulously trains attack models to automatically generate covert jailbreak prompts. Furthermore, we introduce a preference optimization-based attack method to enhance the jailbreak effectiveness, thereby improving efficiency. To analyze model vulnerabilities, we provide three flexible jailbreak patterns. Extensive experiments demonstrate that JailPO not only automates the attack process while maintaining effectiveness but also exhibits superior performance in efficiency, universality, and robustness against defenses compared to baselines. Additionally, our analysis of the three JailPO patterns reveals that attacks based on complex templates exhibit higher attack strength, whereas covert question transformations elicit riskier responses and are more likely to bypass defense mechanisms.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Evolving Skill-Structured Attack Memory Enhances LLM Jailbreaking

    cs.CR 2026-05 unverdicted novelty 7.0

    MemoAttack organizes jailbreak experience into evolving skill-structured memories and uses lifecycle management plus contextual Thompson Sampling to achieve 98% ASR on AdvBench while cutting query count by 45.9%.