Adaptive Probe-based Steering for Robust LLM Jailbreaking
For researchers and practitioners concerned with LLM safety, this work reveals a more effective attack method that exposes vulnerabilities in fortified models.
This paper improves probe-based steering for jailbreaking LLMs by using model extraction to guide steering vectors and adaptively tuning steering strength, raising average harmfulness score from 6% to 70%.
Recent work has demonstrated the potential of contrastive steering for jailbreaking Large Language Models (LLMs). However, existing methods rely on limited and inherently biased contrastive prompts and require laborious manual tuning of steering strength, limiting their robustness and effectiveness. In this paper, we leverage the idea of model extraction to guide the learned steering vectors to approximate the ideal one and propose tuning the steering strength adaptively based on contrastive activations' statistics. Experiments demonstrate that our method notably improves the effectiveness and robustness of probe-based steering, without any extra contrastive prompts or laborious manual tuning. Being an attack paper, this paper focuses on revealing the breakdown of fortified LLMs, raising the average harmfulness score from 6\% to 70\%. Our code is available at https://github.com/fhdnskfbeuv/adaptiveSteering.