Jailbreak Detection in Clinical Training LLMs Using Feature-Based Predictive Models
This addresses jailbreak threats in sensitive educational domains like clinical training, offering an explainable detection method, though it is incremental as it builds on existing feature-based approaches.
The study tackled jailbreak detection in clinical training LLMs by using linguistic features to train predictive models, achieving better performance than prompt engineering with the Fuzzy Decision Tree as the top performer.
Jailbreaking in Large Language Models (LLMs) threatens their safe use in sensitive domains like education by allowing users to bypass ethical safeguards. This study focuses on detecting jailbreaks in 2-Sigma, a clinical education platform that simulates patient interactions using LLMs. We annotated over 2,300 prompts across 158 conversations using four linguistic variables shown to correlate strongly with jailbreak behavior. The extracted features were used to train several predictive models, including Decision Trees, Fuzzy Logic-based classifiers, Boosting methods, and Logistic Regression. Results show that feature-based predictive models consistently outperformed Prompt Engineering, with the Fuzzy Decision Tree achieving the best overall performance. Our findings demonstrate that linguistic-feature-based models are effective and explainable alternatives for jailbreak detection. We suggest future work explore hybrid frameworks that integrate prompt-based flexibility with rule-based robustness for real-time, spectrum-based jailbreak monitoring in educational LLMs.