Adversarial Black Box Attacks to Disrupt Large Language Models via Reinforcement Learning
摘要
Large Language Models (LLMs) are effective in solving natural language processing (NLP) tasks, i.e. question answering and text generation. Recent works showed the possibility of generating adversarial suffixes to get valid responses from LLMs to reply to harmful prompts, under both white-box and black-box assumptions. In this work, we propose a novel black-box approach to optimize for an adversarial suffix that would bypass the LLMs’ guardrails using Reinforcement Learning (RL). We adopted a well-known policy-gradient RL algorithm (i.e. REINFORCE) in a novel fashion, in generating adversarial suffixes to be applied at the Application Programming Interface (API) level. Our results showed that our attack approach beats our selected baseline, despite its conceptual simplicity. We also show that our generated suffixes can break public-facing LLMs and we believe that our work using RL can serve as a basis for future research.