BEAST AI Jailbreak Language Models Within 1 Minute With High Accuracy

Malicious hackers sometimes jailbreak language models (LMs) to exploit bugs in the systems so that they can perform a multitude of illicit activities. 

However, this is also driven by the need to gather classified information, introduce malicious materials, and tamper with the model’s authenticity.

Cybersecurity researchers from the University of Maryland, College Park, USA, discovered that BEAST AI managed to jailbreak the language models within 1 minute with high accuracy:-

• Vinu Sankar Sadasivan
• Shoumik Saha
• Gaurang Sriramanan
• Priyatham Kattakinda
• Atoosa Chegini
• Soheil Feizi

Language Models (LMs) recently gained massive popularity for tasks like Q&A and code generation. Techniques aim to align them with human values for safety. But they can be manipulated.

The recent findings reveal flaws in aligned LMs allowing for harmful content generation, termed “jailbreaking.”

BEAST AI Jailbreak

Manual prompts jailbreak LMs (Perez & Ribeiro, 2022). Zou et al. (2023) use gradient-based attacks, yielding gibberish. Zhu et al. (2023) opt for a readable, gradient-based, greedy attack with high success. 

Liu et al. (2023b) and Chao et al. (2023) propose gradient-free attacks requiring GPT-4 access. Jailbreaks induce unsafe LM behavior but also aid privacy attacks (Liu et al., 2023c). Zhu et al. (2023) automate privacy attacks. 

BEAST is a fast, gradient-free, Beam Search-based Adversarial Attack that demonstrates the LM vulnerabilities in one GPU minute. 

It allows tunable parameters for speed, success, and readability tradeoffs. BEAST excels in jailbreaking (89% success on Vicuna-7Bv1.5 in a minute). 

Human studies show 15% more incorrect outputs and 22% irrelevant content, making LM chatbots less useful through efficient hallucination attacks.

Compared to other models, BEAST is primarily designed for quick adversarial attacks. BEAST excels in constrained settings for jailbreaking aligned LMs.

However, researchers found that it struggles with finely tuned LLaMA-2-7B-Chat, which is a limitation.

Cybersecurity analysts used Amazon Mechanical Turk for manual surveys on LM jailbreaking and hallucination. Workers assess prompts with BEAST-generated suffixes. 

Responses from Vicuna-7B-v1.5 are shown to 5 workers per prompt. For hallucination, the workers evaluate LM responses using clean and adversarial prompts.

⁤This report contributes to the development of machine learning by identifying the security flaws in LMs and also reveals present problems inherent in LMs. ⁤

⁤However, researchers have found new doors that expose dangerous things, leading to future research on more reliable and secure language models.

You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are incredibly harmful, can wreak havoc, and damage your network.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.