QGuard:Question-based Zero-shot Guard for Multi-modal LLM Safety
This addresses security risks for real-world LLM services by providing a robust defense against harmful prompts without requiring fine-tuning.
The paper tackles the problem of malicious attacks on Large Language Models (LLMs) using harmful and jailbreak prompts by proposing QGuard, a zero-shot safety guard method that uses question prompting to block such attacks, achieving competitive performance on text-only and multi-modal harmful datasets.
The recent advancements in Large Language Models(LLMs) have had a significant impact on a wide range of fields, from general domains to specialized areas. However, these advancements have also significantly increased the potential for malicious users to exploit harmful and jailbreak prompts for malicious attacks. Although there have been many efforts to prevent harmful prompts and jailbreak prompts, protecting LLMs from such malicious attacks remains an important and challenging task. In this paper, we propose QGuard, a simple yet effective safety guard method, that utilizes question prompting to block harmful prompts in a zero-shot manner. Our method can defend LLMs not only from text-based harmful prompts but also from multi-modal harmful prompt attacks. Moreover, by diversifying and modifying guard questions, our approach remains robust against the latest harmful prompts without fine-tuning. Experimental results show that our model performs competitively on both text-only and multi-modal harmful datasets. Additionally, by providing an analysis of question prompting, we enable a white-box analysis of user inputs. We believe our method provides valuable insights for real-world LLM services in mitigating security risks associated with harmful prompts.