GraphAttack: Exploiting Representational Blindspots in LLM Safety Mechanisms
Sinan He, An Wang
TL;DR
GraphAttack reveals a fundamental vulnerability in LLM safety by exploiting semantic representations through graph-based transformations. By encoding malicious intent in Abstract Meaning Representation (AMR), Resource Description Framework (RDF), or JSON and leveraging a knowledge-to-code pathway, the approach bypasses intent-based filters and achieves high attack success across multiple state-of-the-art models. The work formalizes semantic jailbreaks as a graph traversal problem, demonstrates superior efficiency over iterative methods, and highlights the need for semantic-aware safety mechanisms that operate across representational forms. These findings have significant implications for designing robust safety alignment techniques and comprehensive red-teaming methodologies in AI systems.
Abstract
Large Language Models (LLMs) have been equipped with safety mechanisms to prevent harmful outputs, but these guardrails can often be bypassed through "jailbreak" prompts. This paper introduces a novel graph-based approach to systematically generate jailbreak prompts through semantic transformations. We represent malicious prompts as nodes in a graph structure with edges denoting different transformations, leveraging Abstract Meaning Representation (AMR) and Resource Description Framework (RDF) to parse user goals into semantic components that can be manipulated to evade safety filters. We demonstrate a particularly effective exploitation vector by instructing LLMs to generate code that realizes the intent described in these semantic graphs, achieving success rates of up to 87% against leading commercial LLMs. Our analysis reveals that contextual framing and abstraction are particularly effective at circumventing safety measures, highlighting critical gaps in current safety alignment techniques that focus primarily on surface-level patterns. These findings provide insights for developing more robust safeguards against structured semantic attacks. Our research contributes both a theoretical framework and practical methodology for systematically stress-testing LLM safety mechanisms.
