Summary of Knowledge-to-jailbreak: One Knowledge Point Worth One Attack, by Shangqing Tu et al.
Knowledge-to-Jailbreak: One Knowledge Point Worth One Attack
by Shangqing Tu, Zhuoran Pan, Wenxuan Wang, Zhexin Zhang, Yuliang Sun, Jifan Yu, Hongning Wang, Lei Hou, Juanzi Li
First submitted to arXiv on: 17 Jun 2024
Categories
- Main: Computation and Language (cs.CL)
- Secondary: Artificial Intelligence (cs.AI); Cryptography and Security (cs.CR)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | Read the original abstract here |
| Medium | GrooveSquid.com (original content) | The paper presents a new task, knowledge-to-jailbreak, to evaluate the safety of large language models (LLMs) when applied to specific domains. The authors fine-tune a large language model as a jailbreak-generator to produce domain knowledge-specific jailbreaks. The effectiveness of this approach is demonstrated through experiments on 13 domains and 8 target LLMs. The generated jailbreaks are shown to be both relevant to the given knowledge and harmful to the target LLMs. Additionally, the paper applies its method to an out-of-domain knowledge base, demonstrating that the jailbreak-generator can generate jailbreaks comparable to those crafted by human experts. |
| Low | GrooveSquid.com (original content) | The paper proposes a new way to test whether large language models are safe when used in specific areas like medicine. The authors create a new task called “knowledge-to-jailbreak”, in which they fine-tune a model to generate special attacks that work only on certain knowledge domains. The results show that the generated attacks are effective and can be as good as those made by human experts. |
Keywords
- Artificial intelligence
- Knowledge base
- Large language model