Scalable Defense against In-the-wild Jailbreaking Attacks with Safety Context Retrieval
This addresses safety concerns for LLM deployment by providing a scalable defense against evolving jailbreaking threats, though it builds incrementally on existing retrieval-augmented techniques.
The paper tackles the problem of jailbreaking attacks on Large Language Models by proposing Safety Context Retrieval (SCR), a scalable defense that uses retrieval-augmented generation to enhance robustness, achieving superior performance against established and emerging attack tactics.
Large Language Models (LLMs) are known to be vulnerable to jailbreaking attacks, wherein adversaries exploit carefully engineered prompts to induce harmful or unethical responses. Such threats have raised critical concerns about the safety and reliability of LLMs in real-world deployment. While existing defense mechanisms partially mitigate such risks, subsequent advancements in adversarial techniques have enabled novel jailbreaking methods to circumvent these protections, exposing the limitations of static defense frameworks. In this work, we explore defending against evolving jailbreaking threats through the lens of context retrieval. First, we conduct a preliminary study demonstrating that even a minimal set of safety-aligned examples against a particular jailbreak can significantly enhance robustness against this attack pattern. Building on this insight, we further leverage the retrieval-augmented generation (RAG) techniques and propose Safety Context Retrieval (SCR), a scalable and robust safeguarding paradigm for LLMs against jailbreaking. Our comprehensive experiments demonstrate how SCR achieves superior defensive performance against both established and emerging jailbreaking tactics, contributing a new paradigm to LLM safety. Our code will be available upon publication.