Logicbreaks: A Framework for Understanding Subversion of Rule-based Inference
This provides a foundational framework for analyzing rule-based inference in LLMs, addressing vulnerabilities in tasks like logical reasoning and jailbreak attacks, though it is incremental in applying existing logic to LLM security.
The paper tackles the problem of subverting large language models from following prompt-specified rules by formalizing rule-following in propositional Horn logic and proving that malicious prompts can mislead models, with demonstrations aligning attack algorithms with theoretical predictions.
We study how to subvert large language models (LLMs) from following prompt-specified rules. We first formalize rule-following as inference in propositional Horn logic, a mathematical system in which rules have the form "if $P$ and $Q$, then $R$" for some propositions $P$, $Q$, and $R$. Next, we prove that although small transformers can faithfully follow such rules, maliciously crafted prompts can still mislead both theoretical constructions and models learned from data. Furthermore, we demonstrate that popular attack algorithms on LLMs find adversarial prompts and induce attention patterns that align with our theory. Our novel logic-based framework provides a foundation for studying LLMs in rule-based settings, enabling a formal analysis of tasks like logical reasoning and jailbreak attacks.