Go to ICLR 2026 Conference homepageEffective and Efficient Jailbreaks of Black-Box LLMs with Cross-Behavior Attacks
Keywords: Large Language Models, Black-Box Jailbreaks, Red-Teaming
TL;DR: We introduce a black-box method that uses cross-behavior learning to quickly and automatically discover effective jailbreak prompts.
Abstract: Despite recent advancements in Large Language Models (LLMs) and their alignment, they can still be jailbroken, i.e., harmful and toxic content can be elicited from them. While existing red-teaming methods have shown promise in uncovering such vulnerabilities, these methods struggle with limited success and high computational and monetary costs. To address this, we propose a black-box *Jailbreak method with Cross-Behavior attacks* (JCB), that can automatically and efficiently find successful jailbreak prompts. JCB leverages successes from past behaviors to help jailbreak new behaviors, thereby significantly improving the attack efficiency. Moreover, JCB does not rely on time- and/or cost-intensive calls to auxiliary LLMs to discover/optimize the jailbreak prompts, making it highly efficient and scalable. Comprehensive experimental evaluations show that JCB significantly outperforms related baselines, requiring up to 94% fewer queries while still achieving 12.9% higher average attack success. JCB also achieves a notably high 37% attack success rate on Llama-2-7B, one of the most resilient LLMs, and shows promising zero-shot transferability across different LLMs.
Primary Area: alignment, fairness, safety, privacy, and societal considerations
Submission Number: 23559
Loading