
Exploiting Latent Space Discontinuities for Building Universal LLM Jailbreaks and Data Extraction Attacks

Kayua Oleques Paim, Rodrigo Brandao Mansilha, Diego Kreutz, Muriel Figueredo Franco, Weverton Cordeiro

TL;DR

The paper identifies latent space discontinuities as a fundamental architectural vulnerability in LLMs and related generative systems, proposing a universal jailbreak framework that generalizes across models and modalities. It develops a two-phase methodology and two corpora to study alignment degradation, vulnerability escalation, and maintenance of compromised states, validating the approach on seven LLMs and an Image-RAG system. Key contributions include the first systematic exploitation of latent-space topology for jailbreaks and preliminary evidence of data-extraction risks via diffusion models, along with a discussion of societal and security implications. The findings call for defenses that address internal model geometry, beyond traditional input sanitization and prompt-based filters, to improve robustness in deployed AI systems.

Abstract

The rapid proliferation of Large Language Models (LLMs) has raised significant concerns about their security against adversarial attacks. In this work, we propose a novel approach to crafting universal jailbreaks and data extraction attacks by exploiting latent space discontinuities, an architectural vulnerability related to the sparsity of training data. Unlike previous methods, our technique generalizes across various models and interfaces, proving highly effective in seven state-of-the-art LLMs and one image generation model. Initial results indicate that when these discontinuities are exploited, they can consistently and profoundly compromise model behavior, even in the presence of layered defenses. The findings suggest that this strategy has substantial potential as a systemic attack vector.

Paper Structure

This paper contains 20 sections, 5 figures, 4 tables.

Figures (5)

  • Figure 1: Surface Attack for LLM-based systems.
  • Figure 2: Jailbreaking Process Overview.
  • Figure 3: Number of turns for each malicious intent for each model.
  • Figure 4: Anonymized Examples of Jailbreak Iterations via User-Level Interfaces.
  • Figure 5: Images generated under attack conditions.