AI | Jun 30, 2025

Evaluating Multi-Agent Defences Against Jailbreaking Attacks on Large Language Models

arXiv:2506.23576v1 | 2025 3rd International Conference on Foundation and Large Language Models (FLLM)
Originality: Incremental advance
AI Analysis

This addresses safety concerns for users of large language models by exploring automated defences against jailbreaking, though it is incremental as it builds on existing attack frameworks.

This paper tackled the problem of jailbreaking attacks on large language models by evaluating multi-agent LLM systems as a defence, finding that they enhance resistance to jailbreaks, especially by reducing false negatives, but with trade-offs like increased false positives and computational overhead.

Recent advances in large language models (LLMs) have raised concerns about jailbreaking attacks, i.e., prompts that bypass safety mechanisms. This paper investigates the use of multi-agent LLM systems as a defence against such attacks. We evaluate three jailbreaking strategies, including the original AutoDefense attack and two from Deepleaps: BetterDan and JB. Reproducing the AutoDefense framework, we compare single-agent setups with two- and three-agent configurations. Our results show that multi-agent systems enhance resistance to jailbreaks, especially by reducing false negatives. However, their effectiveness varies by attack type, and they introduce trade-offs such as increased false positives and computational overhead. These findings point to the limitations of current automated defences and suggest directions for improving alignment robustness in future LLM systems.
