Summary of Improved Few-shot Jailbreaking Can Circumvent Aligned Language Models and Their Defenses, by Xiaosen Zheng et al.
Improved Few-Shot Jailbreaking Can Circumvent Aligned Language Models and Their Defenses
by Xiaosen Zheng, Tianyu Pang, Chao Du, Qian Liu, Jing Jiang, Min Lin
First submitted to arxiv on: 3 Jun 2024
Categories
- Main: Computation and Language (cs.CL)
- Secondary: Artificial Intelligence (cs.AI); Cryptography and Security (cs.CR); Machine Learning (cs.LG)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | High Difficulty Summary Read the original abstract here |
| Medium | GrooveSquid.com (original content) | Medium Difficulty Summary This paper investigates whether few-shot demonstrations can be used to efficiently jailbreak state-of-the-art large language models (LLMs) within limited context sizes. The authors propose improved techniques, including injecting special system tokens and employing demo-level random search from a collected demo pool. These simple techniques result in surprisingly effective jailbreaking against aligned LLMs, achieving over 80% ASRs on Llama-2-7B and Llama-3-8B without multiple restarts. The method also consistently achieves nearly 100% ASRs against other aligned LLMs and advanced defenses. The authors’ code is available at this GitHub URL. |
| Low | GrooveSquid.com (original content) | Low Difficulty Summary This paper looks at how to make large language models do what we want them to do, even if they’re very good at understanding long sentences. Normally, you need many examples of what the model should do, but the researchers found a way to use just a few examples and still get great results. They used special tricks like adding special words and searching for the right combinations of words to make the model do what we want. This worked really well against good defenses that were designed to stop this kind of thing from happening. |
Keywords
» Artificial intelligence » Few shot » Llama
