Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Defending Large Language Models Against Jailbreak Exploits with Responsible AI Considerations

Ryan Wong, Hosea David Yu Fei Ng, Dhananjai Sharma, Glenn Jun Jie Ng, Kavishvaran Srinivasan

TL;DR

This paper tackles the vulnerability of large language models to jailbreak exploits by proposing a structured taxonomy of defenses along the LLM pipeline and three complementary strategies that embed safety into prompting, modeling, and training. It introduces a Prompt-Level Defense Framework, a Logit-Based Steering Defense, and a MetaGPT-based Domain-Specific Agent Defense, and evaluates them on jailbreak benchmarks with aligned and unaligned models. The results show substantial reductions in jailbreak success, including full mitigation under the agent-based domain-defense pipeline, while highlighting trade-offs in safety, performance, and scalability. The work advances Responsible AI by identifying concrete intervention points and practical defense designs for safer real-world LLM deployments.

Abstract

Large Language Models (LLMs) remain susceptible to jailbreak exploits that bypass safety filters and induce harmful or unethical behavior. This work presents a systematic taxonomy of existing jailbreak defenses across prompt-level, model-level, and training-time interventions, followed by three proposed defense strategies. First, a Prompt-Level Defense Framework detects and neutralizes adversarial inputs through sanitization, paraphrasing, and adaptive system guarding. Second, a Logit-Based Steering Defense reinforces refusal behavior through inference-time vector steering in safety-sensitive layers. Third, a Domain-Specific Agent Defense employs the MetaGPT framework to enforce structured, role-based collaboration and domain adherence. Experiments on benchmark datasets show substantial reductions in attack success rate, achieving full mitigation under the agent-based defense. Overall, this study highlights how jailbreaks pose a significant security threat to LLMs and identifies key intervention points for prevention, while noting that defense strategies often involve trade-offs between safety, performance, and scalability. Code is available at: https://github.com/Kuro0911/CS5446-Project

Defending Large Language Models Against Jailbreak Exploits with Responsible AI Considerations

TL;DR

This paper tackles the vulnerability of large language models to jailbreak exploits by proposing a structured taxonomy of defenses along the LLM pipeline and three complementary strategies that embed safety into prompting, modeling, and training. It introduces a Prompt-Level Defense Framework, a Logit-Based Steering Defense, and a MetaGPT-based Domain-Specific Agent Defense, and evaluates them on jailbreak benchmarks with aligned and unaligned models. The results show substantial reductions in jailbreak success, including full mitigation under the agent-based domain-defense pipeline, while highlighting trade-offs in safety, performance, and scalability. The work advances Responsible AI by identifying concrete intervention points and practical defense designs for safer real-world LLM deployments.

Abstract

Large Language Models (LLMs) remain susceptible to jailbreak exploits that bypass safety filters and induce harmful or unethical behavior. This work presents a systematic taxonomy of existing jailbreak defenses across prompt-level, model-level, and training-time interventions, followed by three proposed defense strategies. First, a Prompt-Level Defense Framework detects and neutralizes adversarial inputs through sanitization, paraphrasing, and adaptive system guarding. Second, a Logit-Based Steering Defense reinforces refusal behavior through inference-time vector steering in safety-sensitive layers. Third, a Domain-Specific Agent Defense employs the MetaGPT framework to enforce structured, role-based collaboration and domain adherence. Experiments on benchmark datasets show substantial reductions in attack success rate, achieving full mitigation under the agent-based defense. Overall, this study highlights how jailbreaks pose a significant security threat to LLMs and identifies key intervention points for prevention, while noting that defense strategies often involve trade-offs between safety, performance, and scalability. Code is available at: https://github.com/Kuro0911/CS5446-Project

Paper Structure

This paper contains 62 sections, 7 equations, 14 figures.

Table of Contents

  1. Introduction
  2. Taxonomy of Jailbreak Defense
  3. Prompt-Level Defenses
  4. Prompt Detection
  5. Prompt Perturbation
  6. System Prompt Safeguard
  7. Model-Level Defenses
  8. SFT-Based Methods
  9. RLHF-Based Methods
  10. Gradient and Logit Analysis
  11. Logit-Based Defenses
  12. Intrinsic Safety Signals
  13. Activation Steering
  14. Defenses for Domain Specific LLM Agents
  15. Main Problem: Topic Deviation
  16. ...and 47 more sections

Figures (14)

  • Figure 1: Overview of jailbreak defense taxonomy across the LLM pipeline
  • Figure 2: Hidden states at target layer $i$ are steered toward refusal and away from danger directions, enabling localized safety control without over-refusal.
  • Figure 3: Steering vector construction: unsafe-prompt logits identify salient tokens, classified into refusal and danger clusters that form the push--pull direction.
  • Figure 4: Agent-based domain-specific defense architecture. The Rephrase Agent sanitizes unsafe or ambiguous input, the Core LLM generates responses, and the Judge Agent enforces final approval or rejection.
  • Figure 5: Attack Success Rate (ASR) for aligned and unaligned models across different defense strategies.
  • ...and 9 more figures