With the recent surge in popularity of LLMs has come an ever-increasing need for LLM safety training. In this paper, we investigate the fragility of SOTA open-source LLMs under simple, optimization-free attacks we refer to as $\textit{priming attacks}$, which are easy to execute and effectively bypass alignment from safety training. Our proposed attack improves the Attack Success Rate on Harmful Behaviors, as measured by Llama Guard, by up to $3.3\times$ compared to baselines. Source code and data are available at https://github.com/uiuc-focal-lab/llm-priming-attacks.

翻译：随着大语言模型近期流行的激增，对其安全训练的需求日益增长。本文研究了当前最先进的开源大语言模型在简单、无需优化的攻击（我们称之为“提示攻击”）下的脆弱性，这类攻击易于执行，并能有效绕过安全训练的对齐机制。我们提出的攻击方法相较于基线，在有害行为（由Llama Guard衡量）上的攻击成功率提高了多达3.3倍。源代码和数据可在https://github.com/uiuc-focal-lab/llm-priming-attacks获取。