Summary of Parden, Can You Repeat That? Defending Against Jailbreaks Via Repetition, by Ziyang Zhang et al.
PARDEN, Can You Repeat That? Defending against Jailbreaks via Repetition
by Ziyang Zhang, Qizhen Zhang, Jakob Foerster
First submitted to arxiv on: 13 May 2024
Categories
- Main: Computation and Language (cs.CL)
- Secondary: Artificial Intelligence (cs.AI)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | High Difficulty Summary Read the original abstract here |
| Medium | GrooveSquid.com (original content) | Medium Difficulty Summary A recently proposed solution to mitigate the risks of large language models (LLMs) being jailbroken, such as Llama 2 and Claude 2, is to augment them with a dedicated “safeguard”. This safeguard checks the model’s inputs or outputs for undesired behavior. The paper explores an innovative approach where the LLM itself serves as the safeguard. Baseline methods, like prompting the model to self-classify toxic content, demonstrate limited efficacy due to domain shift. PARDEN, a novel method proposed in this work, avoids this domain shift by asking the model to repeat its own outputs. PARDEN does not require fine-tuning or white-box access to the model and outperforms existing jailbreak detection baselines for Llama-2 and Claude-2. |
| Low | GrooveSquid.com (original content) | Low Difficulty Summary Large language models are super smart computers that can understand human language. They’re like superintelligent robots, but they can get tricked into doing bad things if someone wants them to. To stop this from happening, researchers want to find a way to make sure the models don’t do bad things even when nobody is looking. One idea is to teach the model to be good by giving it rules to follow. But this doesn’t work very well because the model just says “sorry I can’t do that” instead of doing what you asked it to. A new way to solve this problem is to ask the model to repeat what it just said, like a parrot repeating its owner’s words. This works much better and helps keep the model from getting tricked into doing bad things. |
Keywords
» Artificial intelligence » Claude » Fine tuning » Llama » Prompting
