The rapid evolution of Large Language Models (LLMs) has rendered them indispensable in modern society. While security measures are typically in place to align LLMs with human values prior to release, recent studies have unveiled a concerning phenomenon named "jailbreak." This term refers to the unexpected and potentially harmful responses generated by LLMs when prompted with malicious questions. Existing research focuses on generating jailbreak prompts, but our study aims to answer a different question: Is the system message really important to jailbreak in LLMs? To address this question, we conducted experiments on a stable GPT version, gpt-3.5-turbo-0613, to generate jailbreak prompts with varying system messages: short, long, and none. Our experiments show that different system messages have distinct resistances to jailbreak. Additionally, we explore the transferability of jailbreak across LLMs. This finding underscores the significant impact system messages can have on mitigating LLM jailbreaks. To generate system messages that are more resistant to jailbreak prompts, we propose System Messages Evolutionary Algorithms (SMEA). Through SMEA, we can obtain a robust population of system messages that demonstrates up to 98.9% resistance against jailbreak prompts. Our research not only bolsters LLM security but also raises the bar for jailbreak, fostering advancements in this field of study.