Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Ren, Qibing, Li, Hao, Liu, Dongrui, Xie, Zhanxu, Lu, Xiaoya, Qiao, Yu, Sha, Lei, Yan, Junchi, Ma, Lizhuang, Shao, Jing
Format: Preprint
Veröffentlicht: 2024
Schlagworte:
Online-Zugang:https://arxiv.org/abs/2410.10700
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
_version_ 1866915891280609280
author Ren, Qibing
Li, Hao
Liu, Dongrui
Xie, Zhanxu
Lu, Xiaoya
Qiao, Yu
Sha, Lei
Yan, Junchi
Ma, Lizhuang
Shao, Jing
author_facet Ren, Qibing
Li, Hao
Liu, Dongrui
Xie, Zhanxu
Lu, Xiaoya
Qiao, Yu
Sha, Lei
Yan, Junchi
Ma, Lizhuang
Shao, Jing
contents Safety concerns in large language models (LLMs) have gained significant attention due to their exposure to potentially harmful data during pre-training. In this paper, we identify a new safety vulnerability in LLMs: their susceptibility to \textit{natural distribution shifts} between attack prompts and original toxic prompts, where seemingly benign prompts, semantically related to harmful content, can bypass safety mechanisms. To explore this issue, we introduce a novel attack method, \textit{ActorBreaker}, which identifies actors related to toxic prompts within pre-training distribution to craft multi-turn prompts that gradually lead LLMs to reveal unsafe content. ActorBreaker is grounded in Latour's actor-network theory, encompassing both human and non-human actors to capture a broader range of vulnerabilities. Our experimental results demonstrate that ActorBreaker outperforms existing attack methods in terms of diversity, effectiveness, and efficiency across aligned LLMs. To address this vulnerability, we propose expanding safety training to cover a broader semantic space of toxic content. We thus construct a multi-turn safety dataset using ActorBreaker. Fine-tuning models on our dataset shows significant improvements in robustness, though with some trade-offs in utility. Code is available at https://github.com/AI45Lab/ActorAttack.
format Preprint
id arxiv_https___arxiv_org_abs_2410_10700
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle LLMs know their vulnerabilities: Uncover Safety Gaps through Natural Distribution Shifts
Ren, Qibing
Li, Hao
Liu, Dongrui
Xie, Zhanxu
Lu, Xiaoya
Qiao, Yu
Sha, Lei
Yan, Junchi
Ma, Lizhuang
Shao, Jing
Computation and Language
Artificial Intelligence
Safety concerns in large language models (LLMs) have gained significant attention due to their exposure to potentially harmful data during pre-training. In this paper, we identify a new safety vulnerability in LLMs: their susceptibility to \textit{natural distribution shifts} between attack prompts and original toxic prompts, where seemingly benign prompts, semantically related to harmful content, can bypass safety mechanisms. To explore this issue, we introduce a novel attack method, \textit{ActorBreaker}, which identifies actors related to toxic prompts within pre-training distribution to craft multi-turn prompts that gradually lead LLMs to reveal unsafe content. ActorBreaker is grounded in Latour's actor-network theory, encompassing both human and non-human actors to capture a broader range of vulnerabilities. Our experimental results demonstrate that ActorBreaker outperforms existing attack methods in terms of diversity, effectiveness, and efficiency across aligned LLMs. To address this vulnerability, we propose expanding safety training to cover a broader semantic space of toxic content. We thus construct a multi-turn safety dataset using ActorBreaker. Fine-tuning models on our dataset shows significant improvements in robustness, though with some trade-offs in utility. Code is available at https://github.com/AI45Lab/ActorAttack.
title LLMs know their vulnerabilities: Uncover Safety Gaps through Natural Distribution Shifts
topic Computation and Language
Artificial Intelligence
url https://arxiv.org/abs/2410.10700