{"id":"https://openalex.org/W4404341666","doi":"https://doi.org/10.48550/arxiv.2410.22143","title":"AmpleGCG-Plus: A Strong Generative Model of Adversarial Suffixes to Jailbreak LLMs with Higher Success Rates in Fewer Attempts","display_name":"AmpleGCG-Plus: A Strong Generative Model of Adversarial Suffixes to Jailbreak LLMs with Higher Success Rates in Fewer Attempts","publication_year":2024,"publication_date":"2024-10-29","ids":{"openalex":"https://openalex.org/W4404341666","doi":"https://doi.org/10.48550/arxiv.2410.22143"},"language":"en","primary_location":{"id":"pmh:oai:arXiv.org:2410.22143","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2410.22143","pdf_url":"https://arxiv.org/pdf/2410.22143","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},"type":"preprint","indexed_in":["arxiv","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2410.22143","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5111152779","display_name":"Vishal Kumar","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Kumar, Vishal","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5104175587","display_name":"Zeyi Liao","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liao, Zeyi","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5113307582","display_name":"Jaylen Jones","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jones, Jaylen","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5101488340","display_name":"Huan Sun","orcid":"https://orcid.org/0000-0001-6436-4813"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Sun, Huan","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5111152779"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9782999753952026,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9782999753952026,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9742000102996826,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12357","display_name":"Digital Media Forensic Detection","score":0.9717000126838684,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/generative-grammar","display_name":"Generative grammar","score":0.7482348084449768},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.6713588237762451},{"id":"https://openalex.org/keywords/linguistics","display_name":"Linguistics","score":0.4898500144481659},{"id":"https://openalex.org/keywords/generative-model","display_name":"Generative model","score":0.48033252358436584},{"id":"https://openalex.org/keywords/econometrics","display_name":"Econometrics","score":0.3881198763847351},{"id":"https://openalex.org/keywords/natural-language-processing","display_name":"Natural language processing","score":0.3454418182373047},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.31313356757164},{"id":"https://openalex.org/keywords/economics","display_name":"Economics","score":0.2908146381378174},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.2685023546218872},{"id":"https://openalex.org/keywords/philosophy","display_name":"Philosophy","score":0.13591966032981873}],"concepts":[{"id":"https://openalex.org/C39890363","wikidata":"https://www.wikidata.org/wiki/Q36108","display_name":"Generative grammar","level":2,"score":0.7482348084449768},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.6713588237762451},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.4898500144481659},{"id":"https://openalex.org/C167966045","wikidata":"https://www.wikidata.org/wiki/Q5532625","display_name":"Generative model","level":3,"score":0.48033252358436584},{"id":"https://openalex.org/C149782125","wikidata":"https://www.wikidata.org/wiki/Q160039","display_name":"Econometrics","level":1,"score":0.3881198763847351},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.3454418182373047},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.31313356757164},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.2908146381378174},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.2685023546218872},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.13591966032981873}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:oai:arXiv.org:2410.22143","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2410.22143","pdf_url":"https://arxiv.org/pdf/2410.22143","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},{"id":"doi:10.48550/arxiv.2410.22143","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2410.22143","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2410.22143","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2410.22143","pdf_url":"https://arxiv.org/pdf/2410.22143","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4404341666.pdf"},"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W4365211920","https://openalex.org/W3014948380","https://openalex.org/W4380551139","https://openalex.org/W4317695495","https://openalex.org/W4395044357","https://openalex.org/W4287117424","https://openalex.org/W4387506531","https://openalex.org/W2087346071","https://openalex.org/W2967848559","https://openalex.org/W4299831724"],"abstract_inverted_index":{"Although":[0],"large":[1],"language":[2,20,70],"models":[3,165],"(LLMs)":[4],"are":[5],"typically":[6],"aligned,":[7],"they":[8],"remain":[9],"vulnerable":[10],"to":[11,76,103,138,169],"jailbreaking":[12],"through":[13],"either":[14],"carefully":[15],"crafted":[16],"prompts":[17],"in":[18,37,67,89,131,140,151],"natural":[19],"or,":[21],"interestingly,":[22],"gibberish":[23,27,54,108],"adversarial":[24,55],"suffixes.":[25,109],"However,":[26],"tokens":[28],"have":[29],"received":[30],"relatively":[31],"less":[32],"attention":[33,75],"despite":[34],"their":[35],"success":[36,133],"attacking":[38],"aligned":[39],"LLMs.":[40],"Recent":[41],"work,":[42],"AmpleGCG~\\citep{liao2024amplegcg},":[43],"demonstrates":[44],"that":[45,85,119],"a":[46,62,93,114],"generative":[47],"model":[48],"can":[49],"quickly":[50],"produce":[51],"numerous":[52],"customizable":[53],"suffixes":[56],"for":[57],"any":[58],"harmful":[59],"query,":[60],"exposing":[61],"range":[63],"of":[64,95,107,136,164],"alignment":[65],"gaps":[66],"out-of-distribution":[68],"(OOD)":[69],"spaces.":[71],"To":[72],"bring":[73],"more":[74,147],"this":[77],"area,":[78],"we":[79,98],"introduce":[80],"AmpleGCG-Plus,":[81],"an":[82],"enhanced":[83],"version":[84],"achieves":[86],"better":[87],"performance":[88],"fewer":[90],"attempts.":[91],"Through":[92],"series":[94,163],"exploratory":[96],"experiments,":[97],"identify":[99],"several":[100],"training":[101,189],"strategies":[102],"improve":[104],"the":[105,141,152,160,175],"learning":[106],"Our":[110],"results,":[111],"verified":[112],"under":[113],"strict":[115],"evaluation":[116],"setting,":[117],"show":[118],"it":[120],"outperforms":[121],"AmpleGCG":[122],"on":[123],"both":[124],"open-weight":[125],"and":[126,146],"closed-source":[127],"models,":[128],"achieving":[129],"increases":[130],"attack":[132],"rate":[134],"(ASR)":[135],"up":[137],"17\\%":[139],"white-box":[142],"setting":[143,154],"against":[144,155,174],"Llama-2-7B-chat,":[145],"than":[148],"tripling":[149],"ASR":[150],"black-box":[153],"GPT-4.":[156],"Notably,":[157],"AmpleGCG-Plus":[158,184],"jailbreaks":[159],"newer":[161],"GPT-4o":[162],"at":[166],"similar":[167],"rates":[168],"GPT-4,":[170],"and,":[171],"uncovers":[172],"vulnerabilities":[173],"recently":[176],"proposed":[177],"circuit":[178],"breakers":[179],"defense.":[180],"We":[181],"publicly":[182],"release":[183],"along":[185],"with":[186],"our":[187],"collected":[188],"datasets.":[190]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2026-04-17T18:11:37.981687","created_date":"2024-11-14T00:00:00"}