Developing a defence for large language models against adversarial attacks based on paraphrasing in a black-box scenario

I. S. Alekseevskaia^a, D. V. Khaibullin^ba, D. Yu. Turdakov<sup>ba

a</sup> Ivannikov Institute for System Programming of the RAS
^b Lomonosov Moscow State University

Abstract: Recently, the relevance of generative models has increased significantly, and their scope of application is becoming increasingly larger. However, the main problem with modern large language models is that there are jailbreak attacks that can force the model to produce prohibited information. Recent studies have presented adversarial vulnerabilities in the class of "jailbreak" attacks on large language models in a black-box, paraphrase-based scenario. We aim to continue and expand this research and develop models that are secure against such attacks using a "red-teaming" procedure. Moreover, we conduct extensive experiments that evaluate the quality of text generation of defended models on various benchmarks.

Keywords: alignment; large language models; jailbreak attacks; red-teaming; trustworthy artificial intelligence.

DOI: 10.15514/ISPRAS-2025-37(5)-15