Adversarial Reasoning at Jailbreaking Time
This addresses the vulnerability of LLMs to harmful elicitation, which is crucial for AI safety and robustness, though it is incremental in applying existing test-time compute methodologies to jailbreaking.
The paper tackled the problem of jailbreaking aligned large language models by developing an adversarial reasoning approach that uses a loss signal to guide test-time compute, achieving state-of-the-art attack success rates against many models.
As large language models (LLMs) are becoming more capable and widespread, the study of their failure cases is becoming increasingly important. Recent advances in standardizing, measuring, and scaling test-time compute suggest new methodologies for optimizing models to achieve high performance on hard tasks. In this paper, we apply these advances to the task of model jailbreaking: eliciting harmful responses from aligned LLMs. We develop an adversarial reasoning approach to automatic jailbreaking that leverages a loss signal to guide the test-time compute, achieving SOTA attack success rates against many aligned LLMs, even those that aim to trade inference-time compute for adversarial robustness. Our approach introduces a new paradigm in understanding LLM vulnerabilities, laying the foundation for the development of more robust and trustworthy AI systems.