Abstract
Large language models (LLMs) have succeeded significantly in various applications but remain susceptible to adversarial jailbreaks that void their safety guardrails. Previous attempts to exploit these vulnerabilities often rely on high-cost computational extrapolations, which may not be practical or efficient. In this paper, inspired by the authority influence demonstrated in the Milgram experiment, we present a lightweight method to take advantage of the LLMs' personification capabilities to construct a virtual, nested scene, allowing it to realize an adaptive way to escape the usage control in a normal scenario. Empirically, the contents induced by our approach can achieve leading harmfulness rates with previous counterparts and realize a continuous jailbreak in subsequent interactions, which reveals the critical weakness of self-losing on both open-source and closed-source LLMs, e.g., Llama-2, Llama-3, GPT-3.5, GPT-4, and GPT-4o.
| Original language | English |
|---|---|
| Title of host publication | Neurips Safe Generative AI Workshop 2024 |
| Publisher | Neural Information Processing Systems Foundation |
| Pages | 1-65 |
| Number of pages | 65 |
| Publication status | Published - 15 Dec 2024 |
| Event | NeurIPS 2024 Safe Generative AI Workshop - Vancouver Convention Center, Vancouver, Canada Duration: 15 Dec 2024 → 15 Dec 2024 https://safegenaiworkshop.github.io/ https://openreview.net/group?id=NeurIPS.cc/2024/Workshop/SafeGenAi#tab-accept-oral |
Workshop
| Workshop | NeurIPS 2024 Safe Generative AI Workshop |
|---|---|
| Country/Territory | Canada |
| City | Vancouver |
| Period | 15/12/24 → 15/12/24 |
| Internet address |
