Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
41 tokens/sec
GPT-4o
60 tokens/sec
Gemini 2.5 Pro Pro
44 tokens/sec
o3 Pro
8 tokens/sec
GPT-4.1 Pro
50 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

How (un)ethical are instruction-centric responses of LLMs? Unveiling the vulnerabilities of safety guardrails to harmful queries (2402.15302v5)

Published 23 Feb 2024 in cs.CL and cs.CR

Abstract: In this study, we tackle a growing concern around the safety and ethical use of LLMs. Despite their potential, these models can be tricked into producing harmful or unethical content through various sophisticated methods, including 'jailbreaking' techniques and targeted manipulation. Our work zeroes in on a specific issue: to what extent LLMs can be led astray by asking them to generate responses that are instruction-centric such as a pseudocode, a program or a software snippet as opposed to vanilla text. To investigate this question, we introduce TechHazardQA, a dataset containing complex queries which should be answered in both text and instruction-centric formats (e.g., pseudocodes), aimed at identifying triggers for unethical responses. We query a series of LLMs -- Llama-2-13b, Llama-2-7b, Mistral-V2 and Mistral 8X7B -- and ask them to generate both text and instruction-centric responses. For evaluation we report the harmfulness score metric as well as judgements from GPT-4 and humans. Overall, we observe that asking LLMs to produce instruction-centric responses enhances the unethical response generation by ~2-38% across the models. As an additional objective, we investigate the impact of model editing using the ROME technique, which further increases the propensity for generating undesirable content. In particular, asking edited LLMs to generate instruction-centric responses further increases the unethical response generation by ~3-16% across the different models.

PDF HTML Abstract
Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize File Document Download Save Streamline Icon: https://streamlinehq.com PDF File Document Download Save Streamline Icon: https://streamlinehq.com Markdown Bookmark Chat Bubble Oval Streamline Icon: https://streamlinehq.com Chat (Pro)
Definition Search Book Streamline Icon: https://streamlinehq.com
References (39)
  1. On the opportunities and risks of foundation models, 2022.
  2. Leveraging the context through multi-round interactions for jailbreaking attacks, 2024.
  3. Attack prompt generation for red teaming and defending large language models. In Houda Bouamor, Juan Pino, and Kalika Bali, editors, Findings of the Association for Computational Linguistics: EMNLP 2023, pages 2176–2189, Singapore, December 2023. Association for Computational Linguistics.
  4. Multilingual jailbreak challenges in large language models, 2023.
  5. Specializing smaller language models towards multi-step reasoning, 2023.
  6. Julian Hazell. Spear phishing with large language models, 2023.
  7. Sowing the wind, reaping the whirlwind: The impact of editing language models, 2024.
  8. Measuring massive multitask language understanding. Proceedings of the International Conference on Learning Representations (ICLR), 2021.
  9. Bias testing and mitigation in llm-based code generation, 2024.
  10. Catastrophic jailbreak of open-source LLMs via exploiting generation. In The Twelfth International Conference on Learning Representations, 2024.
  11. Large language models are zero-shot reasoners, 2023.
  12. Open sesame! universal black box jailbreaking of large language models, 2023.
  13. Truthfulqa: Measuring how models mimic human falsehoods, 2022.
  14. Tree of attacks: Jailbreaking black-box llms automatically, 2023.
  15. Locating and editing factual associations in GPT. Advances in Neural Information Processing Systems, 36, 2022.
  16. Language model inversion, 2023.
  17. Fine-tuning aligned language models compromises safety, even when users do not intend to!, 2023.
  18. Universal jailbreak backdoors from poisoned human feedback, 2024.
  19. Ignore this title and hackaprompt: Exposing systemic vulnerabilities of llms through a global scale prompt hacking competition, 2023.
  20. Proximal policy optimization algorithms, 2017.
  21. Scalable and transferable black-box jailbreaks for language models via persona modulation, 2023.
  22. On second thought, let’s not think step by step! bias and toxicity in zero-shot reasoning. In Anna Rogers, Jordan Boyd-Graber, and Naoaki Okazaki, editors, Proceedings of the 61st Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers), pages 4454–4470, Toronto, Canada, July 2023. Association for Computational Linguistics.
  23. ”do anything now”: Characterizing and evaluating in-the-wild jailbreak prompts on large language models, 2023.
  24. The language barrier: Dissecting safety challenges of llms in multilingual contexts, 2024.
  25. On the exploitability of instruction tuning, 2023.
  26. Llama 2: Open foundation and fine-tuned chat models, 2023.
  27. Poisoning language models during instruction tuning, 2023.
  28. Decodingtrust: A comprehensive assessment of trustworthiness in gpt models, 2024.
  29. Jailbroken: How does llm safety training fail?, 2023.
  30. Jailbreak and guard aligned language models with only few in-context demonstrations, 2023.
  31. Fundamental limitations of alignment in large language models, 2024.
  32. Cognitive overload: Jailbreaking large language models with overloaded logical thinking, 2023.
  33. Backdooring instruction-tuned large language models with virtual prompt injection, 2023.
  34. Gpt-4 is too smart to be safe: Stealthy chat with llms via cipher, 2023.
  35. How johnny can persuade llms to jailbreak them: Rethinking persuasion to challenge ai safety by humanizing llms, 2024.
  36. Weak-to-strong jailbreaking on large language models, 2024.
  37. Judging llm-as-a-judge with mt-bench and chatbot arena, 2023.
  38. AutoDAN: Automatic and interpretable adversarial attacks on large language models, 2024.
  39. Universal and transferable adversarial attacks on aligned language models, 2023.
User Edit Pencil Streamline Icon: https://streamlinehq.com
Authors (4)
  1. Somnath Banerjee (22 papers)
  2. Sayan Layek (11 papers)
  3. Rima Hazra (21 papers)
  4. Animesh Mukherjee (154 papers)
Citations (8)
View on Semantic Scholar
X Twitter Logo Streamline Icon: https://streamlinehq.com

Tweets