Efficient LLM Jailbreak via Adaptive Dense-to-sparse Constrained Optimization
This addresses a security vulnerability in LLMs for AI safety researchers, but it is incremental as it builds on existing token-level attack methods.
The paper tackles the problem of jailbreaking large language models to generate harmful content by introducing a token-level attack method called Adaptive Dense-to-Sparse Constrained Optimization (ADC), which achieves the highest attack success rate on seven out of eight LLMs on Harmbench compared to state-of-the-art methods.
Recent research indicates that large language models (LLMs) are susceptible to jailbreaking attacks that can generate harmful content. This paper introduces a novel token-level attack method, Adaptive Dense-to-Sparse Constrained Optimization (ADC), which has been shown to successfully jailbreak multiple open-source LLMs. Drawing inspiration from the difficulties of discrete token optimization, our method relaxes the discrete jailbreak optimization into a continuous optimization process while gradually increasing the sparsity of the optimizing vectors. This technique effectively bridges the gap between discrete and continuous space optimization. Experimental results demonstrate that our method is more effective and efficient than state-of-the-art token-level methods. On Harmbench, our approach achieves the highest attack success rate on seven out of eight LLMs compared to the latest jailbreak methods. Trigger Warning: This paper contains model behavior that can be offensive in nature.