新研究通过动态评估和鲁棒防御策略应对LLM越狱问题

报道来源 [8]

1. arXiv cs.LG TIER_1 English(EN) · Shai Feldman, Yaniv Romano · 2026-05-08 04:00

   多少次迭代才能越狱？多轮 LLM 评估的动态预算分配

   arXiv:2605.06605v1 Announce Type: new Abstract: Evaluating and predicting the performance of large language models (LLMs) in multi-turn conversational settings is critical yet computationally expensive; key events -- e.g., jailbreaks or successful task completion by an agent -- o…

2. arXiv cs.LG TIER_1 English(EN) · Yaniv Romano · 2026-05-07 17:25

   越狱需要多少次迭代？多轮LLM评估的动态预算分配

   Evaluating and predicting the performance of large language models (LLMs) in multi-turn conversational settings is critical yet computationally expensive; key events -- e.g., jailbreaks or successful task completion by an agent -- often emerge only after repeated interactions. Th…

3. arXiv cs.AI TIER_1 English(EN) · Shuo Wang · 2026-05-06 15:53

   SoK：大型语言模型对抗越狱攻击的鲁棒性

   Large Language Models (LLMs) have achieved remarkable success but remain highly susceptible to jailbreak attacks, in which adversarial prompts coerce models into generating harmful, unethical, or policy-violating outputs. Such attacks pose real-world risks, eroding safety, trust,…

4. arXiv cs.LG TIER_1 English(EN) · Xulin Hu, Che Wang, Wei Yang Bryan Lim, Jianbo Gao, Zhong Chen · 2026-05-06 04:00

   追踪拒绝的动态：利用潜在拒绝轨迹实现鲁棒的越狱检测

   arXiv:2605.02958v1 Announce Type: cross Abstract: Representation Engineering typically relies on static refusal vectors derived from terminal representations. We move beyond this paradigm, demonstrating that refusal is a dynamic and sparse process rather than a localized outcome.…

5. arXiv cs.LG TIER_1 English(EN) · Rui Tang, Kaiyu Xu, Pengsen Cheng, Hao Ren, Haizhou Wang, Shuyu Jiang · 2026-05-06 04:00

   EvoJail：大型语言模型的进化式多样化越狱提示生成

   arXiv:2605.02921v1 Announce Type: cross Abstract: As LLMs continue to shape real-world applications, automated jailbreak generation becomes essential to reveal safety weaknesses and guide model improvement. Existing automatic jailbreak generation methods have not yet fully consid…

6. arXiv cs.CL TIER_1 English(EN) · Jialin Song, Xiaodong Liu, Weiwei Yang, Wuyang Chen, Mingqian Feng, Xuekai Zhu, Jianfeng Gao · 2026-05-05 04:00

   MultiBreak：一个可扩展且多样化的多轮越狱基准，用于评估 LLM 安全性

   arXiv:2605.01687v1 Announce Type: new Abstract: We present MultiBreak, a scalable and diverse multi-turn jailbreak benchmark to evaluate large language model (LLM) safety. Multi-turn jailbreaks mimic natural conversational settings, making them easier to bypass safety-aligned LLM…

7. arXiv cs.LG TIER_1 English(EN) · Haonan Zhang, Dongxia Wang, Yi Liu, Kexin Chen, Wenhai Wang · 2026-05-05 04:00

   LLM-VA：通过向量对齐解决越狱-过度拒绝权衡问题

   arXiv:2601.19487v2 Announce Type: replace Abstract: Safety-aligned LLMs suffer from two failure modes: jailbreak (answering harmful inputs) and over-refusal (declining benign queries). Existing vector steering methods adjust the magnitude of answer vectors, but this creates a fun…

8. arXiv cs.CL TIER_1 English(EN) · Jindong Li, Ying Liu, Yali Fu, Jinjing Zhu, Leyao Wang, Menglin Yang, Rex Ying · 2026-05-05 04:00

   SRTJ：无需训练的自演化规则驱动LLM越狱

   arXiv:2605.00974v1 Announce Type: cross Abstract: LLMs are increasingly equipped with safety alignment mechanisms, yet recent studies demonstrate that they remain vulnerable to jailbreaking attacks that elicit harmful behaviors without explicit policy violations. While a growing …