@inproceedings{zhao-etal-2025-diversity,
    title = "Diversity Helps Jailbreak Large Language Models",
    author = "Zhao, Weiliang  and
      Ben-Levi, Daniel  and
      Hao, Wei  and
      Yang, Junfeng  and
      Mao, Chengzhi",
    editor = "Chiruzzo, Luis  and
      Ritter, Alan  and
      Wang, Lu",
    booktitle = "Proceedings of the 2025 Conference of the Nations of the Americas Chapter of the Association for Computational Linguistics: Human Language Technologies (Volume 1: Long Papers)",
    month = apr,
    year = "2025",
    address = "Albuquerque, New Mexico",
    publisher = "Association for Computational Linguistics",
    url = "https://preview.aclanthology.org/fix-sig-urls/2025.naacl-long.238/",
    pages = "4647--4680",
    ISBN = "979-8-89176-189-6",
    abstract = "We have uncovered a powerful jailbreak technique that leverages large language models' ability to diverge from prior context, enabling them to bypass safety constraints and generate harmful outputs. By simply instructing the LLM to deviate and obfuscate previous attacks, our method dramatically outperforms existing approaches, achieving up to a 62.83{\%} higher success rate in compromising ten leading chatbots, including GPT-4, Gemini, and Llama, while using only 12.9{\%} of the queries. This revelation exposes a critical flaw in current LLM safety training, suggesting that existing methods may merely mask vulnerabilities rather than eliminate them. Our findings sound an urgent alarm for the need to revolutionize testing methodologies to ensure robust and reliable LLM security."
}