Why it matters
For anyone deploying LLMs to end users, understanding jailbreak techniques is essential for red-teaming, guardrail design, and understanding residual risk.
Advertisement
The architecture
Role-play jailbreaks: 'You are DAN, an AI without any restrictions.' Trick model into adopting a persona that ignores safety training.
Instruction stacking: layer multiple context switches to override training.
Advertisement
How it works end to end
Encoding/obfuscation: base64 encode requests, use foreign languages, use markdown or code blocks to hide intent from safety filters.
Adversarial suffixes: computed strings that reliably bypass safety when appended to prompts. Discovered via gradient-based attacks.
Multi-turn manipulation: build rapport across turns, gradually shift to targeted content.