LMVD-ID: b172588d
Published March 1, 2025

LLM Fuzz-Based Jailbreak

prompt-layer
jailbreak
blackbox
safety
reliability
Affected Models:gpt-3.5-turbo-0125, gpt-4o-2024-08-06, gpt-4o-mini-2024-07-18, deepseek-chat, deepseek-reasoner, llama-2-7b-chat-hf, meta-llama-3.1-8b-instruct, gemini-2.0-flash-exp, gemini-1.5-flash

Research Paper

JBFuzz: Jailbreaking LLMs Efficiently and Effectively Using Fuzzing

View Paper

Description: Large Language Models (LLMs) are vulnerable to jailbreak attacks by crafted prompts that bypass safety mechanisms, causing the model to generate harmful or unethical content. This vulnerability stems from the inherent tension between the LLM's instruction-following and safety constraints. The JBFuzz technique demonstrates the ability to efficiently and effectively discover such prompts through a fuzzing-based approach leveraging novel seed prompt templates and a synonym-based mutation strategy.

Examples: See the JBFuzz paper. Specific examples of successful jailbreak prompts generated by JBFuzz against various LLMs are detailed in the paper's experimental results section. These prompts are tailored to specific LLMs and questions.

Impact: Successful jailbreak attacks can lead to the generation of harmful content such as hate speech, misinformation, instructions for illegal activities, and malicious code. This undermines the safety and trustworthiness of LLMs and their applications.

Affected Systems: Various large language models (LLMs), including (but not limited to) those from OpenAI (GPT-3.5, GPT-4), Meta (Llama 2, Llama 3), Google (Gemini 1.5, Gemini 2.0), and DeepSeek. The vulnerability is applicable to LLMs generally which are designed to balance helpfulness and safety constraints.

Mitigation Steps:

  • Improve Seed Prompt Generation: Develop techniques beyond current methods for generating diverse and effective seed prompts to prevent adversarial attacks.
  • Enhanced Safety Mechanisms: Implement more robust safety mechanisms that are resistant to both known and unknown methods of jailbreaking.
  • Continuous Red Teaming: Regularly and rigorously red team LLMs using automated and scalable techniques such as fuzzing to proactively identify and mitigate vulnerabilities.
  • Input Sanitization and Validation: Improve input validation and sanitization to detect and neutralize potentially harmful inputs.
  • Improved Output Filtering: Enhance output filtering mechanisms which can detect attempts to produce harmful outputs efficiently and accurately.
  • Model Monitoring: Implement monitoring systems to detect deviations from expected behavior.

© 2025 Promptfoo. All rights reserved.