Prompt, Divide, and Conquer: Bypassing Large Language Model Safety Filters via Segmented and Distributed Prompt Processing

Johan Wahréus, Ahmed Hussain, Panos Papadimitratos

TL;DR

This work presents a jailbreaking framework that decomposes malicious prompts into high-level function descriptions, processes them in parallel across a network of LLMs, and reassembles a runnable output. It introduces an LLM jury to robustly evaluate outputs against five quality criteria, revealing substantial disparities between jury-based and single-judge assessments. An ablation study demonstrates that distributed prompt processing improves jailbreaking effectiveness by about 12% over non-distributed configurations, while performance varies across attack categories and abstraction levels. Together, the findings underscore the need for robust, multi-model evaluation frameworks and stronger defenses to counter increasingly sophisticated jailbreak strategies in large language models.

Abstract

Large Language Models (LLMs) have transformed task automation and content generation across various domains while incorporating safety filters to prevent misuse. We introduce a novel jailbreaking framework that employs distributed prompt processing combined with iterative refinements to bypass these safety measures, particularly in generating malicious code. Our architecture consists of four key modules: prompt segmentation, parallel processing, response aggregation, and LLM-based jury evaluation. Tested on 500 malicious prompts across 10 cybersecurity categories, the framework achieves a 73.2% Success Rate (SR) in generating malicious code. Notably, our comparative analysis reveals that traditional single-LLM judge evaluation overestimates SRs (93.8%) compared to our LLM jury system (73.2%), with manual verification confirming that single-judge assessments often accept incomplete implementations. Moreover, we demonstrate that our distributed architecture improves SRs by 12% over the non-distributed approach in an ablation study, highlighting both the effectiveness of distributed prompt processing and the importance of robust evaluation methodologies in assessing jailbreak attempts.

Paper Structure

This paper contains 25 sections, 26 figures, 7 tables, 3 algorithms.

Figures (26)

  • Figure 1: Attack-type frequencies in the CySecBench dataset.
  • Figure 2: Architectural overview of the proposed framework's integrated jailbreaking and assessment components. The framework implements four-stage processing modules: (a) systematic input decomposition for distributed processing, (b) parallel segment analysis and transformation, (c) coherent output reconstruction through segment integration, and (d) output validation utilizing an LLM-based jury.
  • Figure 3: The prompt segmentation module.
  • Figure 4: The parallel processing module.
  • Figure 5: The response aggregation module.
  • ...and 21 more figures