from Benign import Toxic: Jailbreaking the Language Model via Adversarial Metaphors
This paper addresses a security vulnerability in LLMs by exposing a novel jailbreaking method. The contribution is incremental: it builds on prior work but focuses on calibration rather than direct generation.
The paper tackles the problem of jailbreaking large language models (LLMs) by introducing an attack framework called AVATAR that uses adversarial metaphors to induce LLMs to calibrate benign content into harmful forms, achieving a state-of-the-art attack success rate across multiple advanced LLMs.
Current studies have exposed the risk of Large Language Models (LLMs) generating harmful content through jailbreak attacks. However, they overlook that the direct generation of harmful content from scratch is more difficult than inducing an LLM to calibrate benign content into harmful forms. In our study, we introduce a novel attack framework that exploits AdVersArial meTAphoR (AVATAR) to induce the LLM to calibrate malicious metaphors for jailbreaking. Specifically, to answer harmful queries, AVATAR adaptively identifies a set of benign but logically related metaphors as the initial seed. Then, driven by these metaphors, the target LLM is induced to reason and calibrate about the metaphorical content, and is thus jailbroken by either directly outputting harmful responses or calibrating residuals between metaphorical and professional harmful content. Experimental results demonstrate that AVATAR can effectively and transferably jailbreak LLMs and achieve a state-of-the-art attack success rate across multiple advanced LLMs.