CLAI
Oct 17, 2024

SPIN: Self-Supervised Prompt INjection

arXiv:2410.13236v1 | 1 citation | h-index: 14
Originality: Incremental advance
AI Analysis

This addresses safety and reliability concerns for LLM users by providing an additional defense layer, though it is incremental as it builds on existing alignment methods.

The paper tackles the problem of adversarial and jailbreak attacks on Large Language Models (LLMs) by introducing Self-supervised Prompt INjection (SPIN), which detects and reverses these attacks at inference-time, reducing attack success rates by up to 87.9% while maintaining performance on benign requests.

Large Language Models (LLMs) are increasingly used in a variety of important applications, yet their safety and reliability remain major concerns. Various adversarial and jailbreak attacks have been proposed to bypass the safety alignment and cause the model to produce harmful responses. We introduce Self-supervised Prompt INjection (SPIN), which can detect and reverse these various attacks on LLMs. Because our self-supervised prompt defense is applied at inference time, it is compatible with existing alignment and adds an additional layer of safety. Our benchmarks demonstrate that our system can reduce the attack success rate by up to 87.9% while maintaining performance on benign user requests. In addition, we discuss the case of an adaptive attacker and show that our method remains resilient against attackers who are aware of our defense.
