It has recently been shown that adversarial attacks on large language models (LLMs) can "jailbreak" the model into making harmful statements. In this work, we argue that the spectrum of adversarial attacks on LLMs is much larger than merely jailbreaking. We provide a broad overview of possible attack surfaces and attack goals. Based on a series of concrete examples, we discuss, categorize and systematize attacks that coerce varied unintended behaviors, such as misdirection, model control, denial-of-service, or data extraction. We analyze these attacks in controlled experiments, and find that many of them stem from the practice of pre-training LLMs with coding capabilities, as well as the continued existence of strange "glitch" tokens in common LLM vocabularies that should be removed for security reasons.
Coercing LLMs to do and reveal (almost) anything
Adversarial attacks on large language models can cause a variety of unintended behaviors, including misdirection, control, denial-of-service, and data extraction, often due to coding capabilities and unsecured tokens in pre-training.
- Year
- 2024
- Venue
- arXiv 2024
- Authors
- 6
- Hosting
- Abstract onlyARXIV-DEFAULT
Cite
Notes
Only stored in your browser.
Attribution
- Abstract & full text
- arxiv.org/abs/2402.14020ARXIV-DEFAULT
- TL;DR
- Semantic Scholar