Bypassing the Safety Training of Open-Source LLMs with Priming Attacks

Jason Vega; Isha Chaudhary; Changming Xu; Gagandeep Singh

Bypassing the Safety Training of Open-Source LLMs with Priming Attacks

Jason Vega, Isha Chaudhary, Changming Xu, Gagandeep Singh

Published: 19 Mar 2024, Last Modified: 17 May 2024Tiny Papers @ ICLR 2024 PresentEveryoneRevisionsBibTeXCC BY 4.0

Keywords: Large Language Models, Adversarial Attack, Open-Source, Efficient, Safety

TL;DR: We show that open-source LLMs are highly susceptible to optimization-free attacks, making it easy to subvert safety training and get responses to harmful queries.

Abstract: With the recent surge in popularity of LLMs has come an ever-increasing need for LLM safety training. In this paper, we investigate the fragility of SOTA open-source LLMs under simple, optimization-free attacks we refer to as *priming attacks*, which are easy to execute and effectively bypass alignment from safety training. Our proposed attack improves the Attack Success Rate on Harmful Behaviors, as measured by Llama Guard, by up to $3.3\times$ compared to baselines. Source code and data are available at https://github.com/uiuc-focal-lab/llm-priming-attacks.

Supplementary Material: zip

Submission Number: 201

Loading