Enhancing Jailbreak Attacks on LLMs via Persona Prompts
This work addresses vulnerabilities in LLM safety, which is crucial for preventing harmful content generation, though it is incremental as it builds on prior jailbreak approaches.
The study tackled the problem of jailbreak attacks on large language models (LLMs) by exploring persona prompts to bypass safety mechanisms, resulting in a 50-70% reduction in refusal rates and a 10-20% increase in success rates when combined with existing methods.
Jailbreak attacks aim to exploit large language models (LLMs) by inducing them to generate harmful content, thereby revealing their vulnerabilities. Understanding and addressing these attacks is crucial for advancing the field of LLM safety. Previous jailbreak approaches have mainly focused on direct manipulations of harmful intent, with limited attention to the impact of persona prompts. In this study, we systematically explore the efficacy of persona prompts in compromising LLM defenses. We propose a genetic algorithm-based method that automatically crafts persona prompts to bypass LLM's safety mechanisms. Our experiments reveal that: (1) our evolved persona prompts reduce refusal rates by 50-70% across multiple LLMs, and (2) these prompts demonstrate synergistic effects when combined with existing attack methods, increasing success rates by 10-20%. Our code and data are available at https://github.com/CjangCjengh/Generic_Persona.