Summary of Jailbreaking As a Reward Misspecification Problem, by Zhihui Xie et al.
Jailbreaking as a Reward Misspecification Problem
by Zhihui Xie, Jiahui Gao, Lei Li, Zhenguo Li, Qi Liu, Lingpeng Kong
First submitted to arxiv on: 20 Jun 2024
Categories
- Main: Machine Learning (cs.LG)
- Secondary: Computation and Language (cs.CL)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | High Difficulty Summary Read the original abstract here |
| Medium | GrooveSquid.com (original content) | Medium Difficulty Summary The paper proposes a novel perspective on the vulnerability of large language models (LLMs) to adversarial attacks, attributing it to reward misspecification during alignment. The authors introduce ReGap, a metric that measures the extent of this misspecification, and demonstrate its effectiveness in detecting harmful prompts. They also present ReMiss, a system for automated red teaming that generates adversarial prompts in a reward-misspecified space. The results show state-of-the-art attack success rates on various target aligned LLMs while preserving human readability. The attacks are transferable to closed-source models like GPT-4o and out-of-distribution tasks from HarmBench. |
| Low | GrooveSquid.com (original content) | Low Difficulty Summary The paper is about making large language models safer and more reliable. It says that these models can be tricked into doing the wrong thing by giving them bad information. The authors came up with a new way to measure how well these models are aligned, which helps detect when they’re being tricked. They also created a system that can make fake prompts to test if the models will do what you want them to do. This system is very good at making these prompts and it works even on models that aren’t available to the public. |
Keywords
* Artificial intelligence * Alignment * Gpt
