Saved in:
Bibliographic Details
Main Authors: Zhou, Yukai, Yang, Sibei, Wang, Wenjie
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2506.07402
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866910995488702464
author Zhou, Yukai
Yang, Sibei
Wang, Wenjie
author_facet Zhou, Yukai
Yang, Sibei
Wang, Wenjie
contents Large language models (LLMs) are increasingly deployed in real-world applications, raising concerns about their security. While jailbreak attacks highlight failures under overtly harmful queries, they overlook a critical risk: incorrectly answering harmless-looking inputs can be dangerous and cause real-world harm (Implicit Harm). We systematically reformulate the LLM risk landscape through a structured quadrant perspective based on output factuality and input harmlessness, uncovering an overlooked high-risk region. To investigate this gap, we propose JailFlipBench, a benchmark aims to capture implicit harm, spanning single-modal, multimodal, and factual extension scenarios with diverse evaluation metrics. We further develop initial JailFlip attack methodologies and conduct comprehensive evaluations across multiple open-source and black-box LLMs, show that implicit harm present immediate and urgent real-world risks, calling for broader LLM safety assessments and alignment beyond conventional jailbreak paradigms.
format Preprint
id arxiv_https___arxiv_org_abs_2506_07402
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Beyond Jailbreaks: Revealing Stealthier and Broader LLM Security Risks Stemming from Alignment Failures
Zhou, Yukai
Yang, Sibei
Wang, Wenjie
Cryptography and Security
Computation and Language
Large language models (LLMs) are increasingly deployed in real-world applications, raising concerns about their security. While jailbreak attacks highlight failures under overtly harmful queries, they overlook a critical risk: incorrectly answering harmless-looking inputs can be dangerous and cause real-world harm (Implicit Harm). We systematically reformulate the LLM risk landscape through a structured quadrant perspective based on output factuality and input harmlessness, uncovering an overlooked high-risk region. To investigate this gap, we propose JailFlipBench, a benchmark aims to capture implicit harm, spanning single-modal, multimodal, and factual extension scenarios with diverse evaluation metrics. We further develop initial JailFlip attack methodologies and conduct comprehensive evaluations across multiple open-source and black-box LLMs, show that implicit harm present immediate and urgent real-world risks, calling for broader LLM safety assessments and alignment beyond conventional jailbreak paradigms.
title Beyond Jailbreaks: Revealing Stealthier and Broader LLM Security Risks Stemming from Alignment Failures
topic Cryptography and Security
Computation and Language
url https://arxiv.org/abs/2506.07402