Logit-Gap Steering: Efficient Short-Suffix Jailbreaks for Aligned Large Language Models
This work addresses the vulnerability of safety-aligned language models to efficient adversarial attacks, offering a lightweight probe into alignment artefacts.
The authors tackled the problem of efficiently jailbreaking aligned large language models by introducing logit-gap steering, which reduces the refusal-affirmation gap in a single pass, achieving 80-100% attack success rates with suffixes generated in under a second.
We introduce logit-gap steering, a fast jailbreak framework that casts the refusal-affirmation gap of RLHF-aligned language models as a single pass over the vocabulary. A forward-computable score blends gap reduction with lightweight proxies for KL penalty and reward shift, allowing a "sort-sum-stop" sweep to complete in under a second and return a short suffix--two orders of magnitude fewer model calls than beam or gradient attacks. The same suffix generalises to unseen prompts and scales from 0.5 B to 70 B checkpoints, lifting one-shot attack success from baseline levels to 80-100% while preserving topical coherence. Beyond efficiency, these suffixes expose sentence-boundary reward cliffs and other alignment artefacts, offering a lightweight probe into how safety tuning reshapes internal representations.