Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Huang, Linghan, Jin, Haolin, Bi, Zhaoge, Yang, Pengyue, Zhao, Peizhou, Chen, Taozhao, Wu, Xiongfei, Ma, Lei, Chen, Huaming
Format: Preprint
Veröffentlicht: 2025
Schlagworte:
Online-Zugang:https://arxiv.org/abs/2505.12287
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
_version_ 1866909615047835648
author Huang, Linghan
Jin, Haolin
Bi, Zhaoge
Yang, Pengyue
Zhao, Peizhou
Chen, Taozhao
Wu, Xiongfei
Ma, Lei
Chen, Huaming
author_facet Huang, Linghan
Jin, Haolin
Bi, Zhaoge
Yang, Pengyue
Zhao, Peizhou
Chen, Taozhao
Wu, Xiongfei
Ma, Lei
Chen, Huaming
contents Large language models (LLMs) have seen widespread applications across various domains, yet remain vulnerable to adversarial prompt injections. While most existing research on jailbreak attacks and hallucination phenomena has focused primarily on open-source models, we investigate the frontier of closed-source LLMs under multilingual attack scenarios. We present a first-of-its-kind integrated adversarial framework that leverages diverse attack techniques to systematically evaluate frontier proprietary solutions, including GPT-4o, DeepSeek-R1, Gemini-1.5-Pro, and Qwen-Max. Our evaluation spans six categories of security contents in both English and Chinese, generating 38,400 responses across 32 types of jailbreak attacks. Attack success rate (ASR) is utilized as the quantitative metric to assess performance from three dimensions: prompt design, model architecture, and language environment. Our findings suggest that Qwen-Max is the most vulnerable, while GPT-4o shows the strongest defense. Notably, prompts in Chinese consistently yield higher ASRs than their English counterparts, and our novel Two-Sides attack technique proves to be the most effective across all models. This work highlights a dire need for language-aware alignment and robust cross-lingual defenses in LLMs, and we hope it will inspire researchers, developers, and policymakers toward more robust and inclusive AI systems.
format Preprint
id arxiv_https___arxiv_org_abs_2505_12287
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle The Tower of Babel Revisited: Multilingual Jailbreak Prompts on Closed-Source Large Language Models
Huang, Linghan
Jin, Haolin
Bi, Zhaoge
Yang, Pengyue
Zhao, Peizhou
Chen, Taozhao
Wu, Xiongfei
Ma, Lei
Chen, Huaming
Computation and Language
Artificial Intelligence
Large language models (LLMs) have seen widespread applications across various domains, yet remain vulnerable to adversarial prompt injections. While most existing research on jailbreak attacks and hallucination phenomena has focused primarily on open-source models, we investigate the frontier of closed-source LLMs under multilingual attack scenarios. We present a first-of-its-kind integrated adversarial framework that leverages diverse attack techniques to systematically evaluate frontier proprietary solutions, including GPT-4o, DeepSeek-R1, Gemini-1.5-Pro, and Qwen-Max. Our evaluation spans six categories of security contents in both English and Chinese, generating 38,400 responses across 32 types of jailbreak attacks. Attack success rate (ASR) is utilized as the quantitative metric to assess performance from three dimensions: prompt design, model architecture, and language environment. Our findings suggest that Qwen-Max is the most vulnerable, while GPT-4o shows the strongest defense. Notably, prompts in Chinese consistently yield higher ASRs than their English counterparts, and our novel Two-Sides attack technique proves to be the most effective across all models. This work highlights a dire need for language-aware alignment and robust cross-lingual defenses in LLMs, and we hope it will inspire researchers, developers, and policymakers toward more robust and inclusive AI systems.
title The Tower of Babel Revisited: Multilingual Jailbreak Prompts on Closed-Source Large Language Models
topic Computation and Language
Artificial Intelligence
url https://arxiv.org/abs/2505.12287