Can't say cant? Measuring and Reasoning of Dark Jargons in Large Language Models
This paper addresses a security weakness in LLMs relevant to AI safety applications, though it is incremental in that it builds on existing work on offensive content mitigation.
The paper tackles the problem of Large Language Models' susceptibility to malicious exploitation through dark jargon (cant), finding that models like ChatGPT can be bypassed by cant with varying accuracy depending on question types and prompts, and that updated models show higher acceptance rates for such queries.
Ensuring the resilience of Large Language Models (LLMs) against malicious exploitation is paramount, with recent work focusing on mitigating offensive responses. Yet the models' understanding of cant, or dark jargon, remains unexplored. This paper introduces a domain-specific Cant dataset and the CantCounter evaluation framework, which proceeds through Fine-Tuning, Co-Tuning, Data-Diffusion, and Data-Analysis stages. Experiments reveal that LLMs, including ChatGPT, are susceptible to cant that bypasses their filters, with recognition accuracy varying according to question type, setup, and prompt clues. Updated models exhibit higher acceptance rates for cant queries. Moreover, LLM reactions differ across domains, e.g., reluctance to engage with racism versus LGBT topics. These findings characterize LLMs' understanding of cant and reflect both training data characteristics and vendor approaches to sensitive topics. Additionally, we assess the LLMs' ability to demonstrate reasoning capabilities. Our datasets and code are available at https://github.com/cistineup/CantCounter.