Injecting Universal Jailbreak Backdoors into LLMs in Minutes
This work is significant for LLM developers and users as it highlights the vulnerability of safety-aligned LLMs to stealthy jailbreak backdoor attacks.
The authors tackled the problem of injecting jailbreak backdoors into large language models (LLMs) and achieved a high jailbreak success rate with their proposed method, JailbreakEdit, which can inject a universal jailbreak backdoor in minutes. Experimental results showed that JailbreakEdit preserves generation quality and safe performance on normal queries.
Jailbreak backdoor attacks on LLMs have garnered attention for their effectiveness and stealth. However, existing methods rely on the crafting of poisoned datasets and the time-consuming process of fine-tuning. In this work, we propose JailbreakEdit, a novel jailbreak backdoor injection method that exploits model editing techniques to inject a universal jailbreak backdoor into safety-aligned LLMs with minimal intervention in minutes. JailbreakEdit integrates a multi-node target estimation to estimate the jailbreak space, thus creating shortcuts from the backdoor to this estimated jailbreak space that induce jailbreak actions. Our attack effectively shifts the models' attention by attaching strong semantics to the backdoor, enabling it to bypass internal safety mechanisms. Experimental results show that JailbreakEdit achieves a high jailbreak success rate on jailbreak prompts while preserving generation quality, and safe performance on normal queries. Our findings underscore the effectiveness, stealthiness, and explainability of JailbreakEdit, emphasizing the need for more advanced defense mechanisms in LLMs.