CRLG | Dec 11, 2024

Model-Editing-Based Jailbreak against Safety-aligned Large Language Models

arXiv:2412.08201v1 | 2 citations | h-index: 8 | Has Code
Originality: Incremental advance
AI Analysis

This work reveals a covert threat vector in LLM security, posing a significant problem for AI safety and requiring stronger safeguards, though it is incremental as it builds on existing jailbreak techniques.

The paper tackles the problem of jailbreak attacks on safety-aligned large language models by introducing Targeted Model Editing (TME), a white-box method that alters internal model structures to bypass safety filters, achieving an average attack success rate of 84.86% on four open-source LLMs.

Large Language Models (LLMs) have transformed numerous fields by enabling advanced natural language interactions but remain susceptible to critical vulnerabilities, particularly jailbreak attacks. Current jailbreak techniques, while effective, often depend on input modifications, making them detectable and limiting their stealth and scalability. This paper presents Targeted Model Editing (TME), a novel white-box approach that bypasses safety filters by minimally altering internal model structures while preserving the model's intended functionalities. TME identifies and removes safety-critical transformations (SCTs) embedded in model matrices, enabling malicious queries to bypass restrictions without input modifications. By analyzing distinct activation patterns between safe and unsafe queries, TME isolates and approximates SCTs through an optimization process. Implemented in the D-LLM framework, our method achieves an average Attack Success Rate (ASR) of 84.86% on four mainstream open-source LLMs, maintaining high performance. Unlike existing methods, D-LLM eliminates the need for specific triggers or harmful response collections, offering a stealthier and more effective jailbreak strategy. This work reveals a covert and robust threat vector in LLM security and emphasizes the need for stronger safeguards in model safety alignment.
