Compromesso! Italian Many-Shot Jailbreaks Undermine the Safety of Large Language Models
This addresses a critical gap in LLM safety for non-English languages, specifically Italian, by revealing vulnerabilities that could undermine model safety for diverse linguistic users.
The paper investigated the effectiveness of many-shot jailbreaking in Italian to assess safety vulnerabilities in large language models, finding that models exhibit unsafe behaviors with few demonstrations and this escalates rapidly with more demonstrations.
As diverse linguistic communities and users adopt large language models (LLMs), assessing their safety across languages becomes critical. Despite ongoing efforts to make LLMs safe, they can still be made to behave unsafely with jailbreaking, a technique in which models are prompted to act outside their operational guidelines. Research on LLM safety and jailbreaking, however, has so far mostly focused on English, limiting our understanding of LLM safety in other languages. We contribute towards closing this gap by investigating the effectiveness of many-shot jailbreaking, where models are prompted with unsafe demonstrations to induce unsafe behaviour, in Italian. To enable our analysis, we create a new dataset of unsafe Italian question-answer pairs. With this dataset, we identify clear safety vulnerabilities in four families of open-weight LLMs. We find that the models exhibit unsafe behaviors even when prompted with few unsafe demonstrations, and -- more alarmingly -- that this tendency rapidly escalates with more demonstrations.