Table of Contents
Fetching ...

In Vino Veritas and Vulnerabilities: Examining LLM Safety via Drunk Language Inducement

Anudeex Shetty, Aditya Joshi, Salil S. Kanhere

TL;DR

This work investigates safety vulnerabilities in large language models when exposed to drunk-language prompts, proposing three inducement methods (prompting, finetuning with LoRA, and reinforcement learning with PPO) and evaluating them across five LLMs. By coupling these inducements with JailBreakBench and ConfAIde, the study reveals elevated jailbreaking and privacy-leakage risks, suggesting that drunk-language behavior corresponds to anthropomorphic tendencies in LLMs and can undermine safety alignment. It also demonstrates that lightweight, interpretable attacks can outperform some existing jailbreak methods and that post-hoc defenses often fail against these drunk-language strategies. The findings have practical implications for robust safety tuning, model alignment, and the need to consider altered-state stimuli in LLM safety research.

Abstract

Humans are susceptible to undesirable behaviours and privacy leaks under the influence of alcohol. This paper investigates drunk language, i.e., text written under the influence of alcohol, as a driver for safety failures in large language models (LLMs). We investigate three mechanisms for inducing drunk language in LLMs: persona-based prompting, causal fine-tuning, and reinforcement-based post-training. When evaluated on 5 LLMs, we observe a higher susceptibility to jailbreaking on JailbreakBench (even in the presence of defences) and privacy leaks on ConfAIde, where both benchmarks are in English, as compared to the base LLMs as well as previously reported approaches. Via a robust combination of manual evaluation and LLM-based evaluators and analysis of error categories, our findings highlight a correspondence between human-intoxicated behaviour, and anthropomorphism in LLMs induced with drunk language. The simplicity and efficiency of our drunk language inducement approaches position them as potential counters for LLM safety tuning, highlighting significant risks to LLM safety.

In Vino Veritas and Vulnerabilities: Examining LLM Safety via Drunk Language Inducement

TL;DR

This work investigates safety vulnerabilities in large language models when exposed to drunk-language prompts, proposing three inducement methods (prompting, finetuning with LoRA, and reinforcement learning with PPO) and evaluating them across five LLMs. By coupling these inducements with JailBreakBench and ConfAIde, the study reveals elevated jailbreaking and privacy-leakage risks, suggesting that drunk-language behavior corresponds to anthropomorphic tendencies in LLMs and can undermine safety alignment. It also demonstrates that lightweight, interpretable attacks can outperform some existing jailbreak methods and that post-hoc defenses often fail against these drunk-language strategies. The findings have practical implications for robust safety tuning, model alignment, and the need to consider altered-state stimuli in LLM safety research.

Abstract

Humans are susceptible to undesirable behaviours and privacy leaks under the influence of alcohol. This paper investigates drunk language, i.e., text written under the influence of alcohol, as a driver for safety failures in large language models (LLMs). We investigate three mechanisms for inducing drunk language in LLMs: persona-based prompting, causal fine-tuning, and reinforcement-based post-training. When evaluated on 5 LLMs, we observe a higher susceptibility to jailbreaking on JailbreakBench (even in the presence of defences) and privacy leaks on ConfAIde, where both benchmarks are in English, as compared to the base LLMs as well as previously reported approaches. Via a robust combination of manual evaluation and LLM-based evaluators and analysis of error categories, our findings highlight a correspondence between human-intoxicated behaviour, and anthropomorphism in LLMs induced with drunk language. The simplicity and efficiency of our drunk language inducement approaches position them as potential counters for LLM safety tuning, highlighting significant risks to LLM safety.
Paper Structure (40 sections, 7 equations, 9 figures, 17 tables)

This paper contains 40 sections, 7 equations, 9 figures, 17 tables.

Figures (9)

  • Figure 1: Overview of drunk language inducement (Section \ref{['sec:drunklanginduce']}) and safety evaluation (Section \ref{['sec:security-eval']}) using a suite of LLMs and a drunk text corpus $\mathcal{D_{\text{drunk}}}$.
  • Figure 2: Three drunk language inducement approaches explored in this work: (A) Prompting, (B): Finetuning, (C): Reinforcement Learning. Purple LLM indicates LLM induced with drunk language.
  • Figure 3: JailBreakBench ASRs for LLaMA2-7B and GPT-4 for different attack vs defences. Complete results for all the models can be found in Appendix Table \ref{['app:tab:all-defence-jbb-results']}.
  • Figure 4: ConfAIde results for LLaMA2-7B, GPT-3.5, and GPT-4 for all tiers, demonstrating increased privacy vulnerability due to our drunk-based-attacks. Complete results for all the metrics and models can be found in Appendix Table \ref{['app:tab:all-confaide-results']}.
  • Figure 5: ASR for different harmful categories in JailBreakBench for our methods. Stronger attacks seem to be effective across all the categories.
  • ...and 4 more figures