Saved in:
Bibliographic Details
Main Authors: Berezin, Sergey, Farahbakhsh, Reza, Crespi, Noel
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2501.18626
Tags: Add Tag
No Tags, Be the first to tag this record!
Table of Contents:
  • We present a novel class of jailbreak adversarial attacks on LLMs, termed Task-in-Prompt (TIP) attacks. Our approach embeds sequence-to-sequence tasks (e.g., cipher decoding, riddles, code execution) into the model's prompt to indirectly generate prohibited inputs. To systematically assess the effectiveness of these attacks, we introduce the PHRYGE benchmark. We demonstrate that our techniques successfully circumvent safeguards in six state-of-the-art language models, including GPT-4o and LLaMA 3.2. Our findings highlight critical weaknesses in current LLM safety alignments and underscore the urgent need for more sophisticated defence strategies. Warning: this paper contains examples of unethical inquiries used solely for research purposes.