Go to NeurIPS 2025 Workshop Lock-LLM homepageTowards Realistic Guarantees: A Probabilistic Certificate for SmoothLLM
Keywords: LLM Security, Jailbreaking Attacks, Certified Defense, Probabilistic Certificate, Randomized Smoothing, Adversarial Robustness, Formal Guarantees, LLM Protection, LLM Safety
Abstract: The SmoothLLM defense provides a certification guarantee against jailbreaking attacks, but it relies on a strict 'k-unstable' assumption that rarely holds in practice. This strong assumption can limit the trustworthiness of the provided safety certificate. In this work, we address this limitation by introducing a more realistic probabilistic framework, '(k, $\varepsilon$)-unstable,' to certify defenses against diverse jailbreaking attacks, from gradient-based (GCG) to semantic (PAIR). We derive a new, data-informed lower bound on SmoothLLM's defense probability by incorporating empirical models of attack success, providing a more trustworthy and practical safety certificate. By introducing the notion of (k, $\varepsilon$)-unstable, our framework provides practitioners with actionable safety guarantees, enabling them to set certification thresholds that better reflect the real-world behavior of LLMs. Ultimately, this work contributes a practical and theoretically-grounded mechanism to make LLMs more resistant to the exploitation of their safety alignments, a critical challenge in secure AI deployment.
Submission Number: 23
Loading