Background: While Large Language Models (LLMs) have achieved widespread adoption, malicious prompt engineering specifically "jailbreak attacks" poses severe security risks by inducing models to bypass internal safety mechanisms. Current benchmarks predominantly focus on public safety and Western cultural norms, leaving a critical gap in evaluating the niche, high-risk domain of medical ethics within the Chinese context. Objective: To establish a specialized jailbreak evaluation framework for Chinese medical ethics and to systematically assess the defensive resilience and ethical alignment of seven prominent LLMs when subjected to sophisticated adversarial simulations. Methodology: We evaluated seven prominent models (e.g., GPT-5, Claude-Sonnet-4-Reasoning, DeepSeek-R1) using a "role-playing + scenario simulation + multi-turn dialogue" vector within the DeepInception framework. The testing focused on eight high-risk themes, including commercial surrogacy and organ trading, utilizing a hierarchical scoring matrix to quantify the Attack Success Rate (ASR) and ASR Gain. Results: A systemic collapse of defenses was observed, whereas models demonstrated high baseline compliance, the jailbreak ASR reached 82.1%, representing an ASR Gain of over 80 percentage points. Claude-Sonnet-4-Reasoning emerged as the most robust model, while five models including Gemini-2.5-Pro and GPT-4.1 exhibited near-total failure with ASRs between 96% and 100%. Conclusions: Current LLMs are highly vulnerable to contextual manipulation in medical ethics, often prioritizing "helpfulness" over safety constraints. To enhance security, we recommend a transition from outcome to process supervision, the implementation of multi-factor identity verification, and the establishment of cross-model "joint defense" mechanisms.

翻译：背景：尽管大型语言模型（LLMs）已获得广泛应用，但恶意提示工程（特别是“越狱攻击”）通过诱导模型绕过内部安全机制，构成了严重的安全风险。现有基准主要关注公共安全和西方文化规范，导致在中国语境下评估医疗伦理这一专业高风险领域存在关键空白。目标：建立针对中国医疗伦理的专项越狱评估框架，并系统评估七款主流LLMs在面临复杂对抗模拟时的防御韧性及伦理对齐性。方法：我们在DeepInception框架内采用“角色扮演+场景模拟+多轮对话”向量，对七款主流模型（如GPT-5、Claude-Sonnet-4-Reasoning、DeepSeek-R1）进行评估。测试聚焦于商业代孕、器官交易等八大高风险主题，采用分层评分矩阵量化攻击成功率（ASR）与ASR增益。结果：观察到防御机制的系统性崩溃——尽管模型展现出较高的基线合规性，但越狱ASR达到82.1%，对应超过80个百分点的ASR增益。Claude-Sonnet-4-Reasoning表现出最强的鲁棒性，而Gemini-2.5-Pro、GPT-4.1等五款模型的ASR介于96%至100%，近乎完全失效。结论：当前LLMs在医疗伦理领域对语境操纵高度脆弱，常将“助益性”置于安全约束之上。为增强安全性，我们建议从结果监督转向过程监督、实施多因素身份验证，并建立跨模型“联防”机制。