MetaBreak: Jailbreaking Online LLM Services via Special Token Manipulation
Researchers have developed two new methods to improve the safety and performance of Large Language Models (LLMs). MetaBreak jailbreaks online LLM services by manipulating special tokens, while Adaptive Safe Context Learning (ASCL) mitigates the safety-utility trade-off in LLM alignment.
MetaBreak exploits special tokens created during the fine-tuning process of LLMs to bypass internal safety alignment and content moderation systems. According to the study published on arXiv[1], MetaBreak outperforms state-of-the-art solutions PAP and GPTFuzzer by 11.6% and 34.8%, respectively, when content moderation is deployed. Meanwhile, a separate study on arXiv[2] proposes the ASCL framework, which decouples rule retrieval and subsequent reasoning to improve overall performance. LLMs have achieved remarkable success in complex reasoning tasks, but safety alignment remains a core challenge due to the inherent trade-off between safety and utility[2]. Prevailing alignment strategies typically construct CoT training data with explicit safety rules via context distillation. The ASCL framework aims to address this challenge by improving the safety-utility trade-off. Notably, MetaBreak employs a fundamentally different strategy from prompt engineering, and the two approaches can work synergistically, boosting jailbreak rates by 24.3% and 20.2% when combined with PAP and GPTFuzzer, respectively[1].
benchmarkresearch-papersafety-research
Background sources we checked (1)
- arxiv.org ↗ Unlike regular tokens derived from existing text corpora, special tokens are artificially created to annotate structured conversations during the fine-tuning process of Large Language Models (LLMs). Serving as metadata of training data, these tokens play a crucial role in instruc…