{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2023:HPXY4FXAWCTEN2H7PBE2R2XC4Q","short_pith_number":"pith:HPXY4FXA","schema_version":"1.0","canonical_sha256":"3bef8e16e0b0a646e8ff7849a8eae2e40a79ae77c5a54543348eff8abbcd663e","source":{"kind":"arxiv","id":"2310.06987","version":1},"attestation_state":"computed","paper":{"title":"Catastrophic Jailbreak of Open-source LLMs via Exploiting Generation","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"Varying decoding parameters and sampling methods jailbreak aligned open-source LLMs, raising misalignment from 0% to over 95%.","cross_cats":["cs.AI","cs.CR"],"primary_cat":"cs.CL","authors_text":"Danqi Chen, Kai Li, Mengzhou Xia, Samyak Gupta, Yangsibo Huang","submitted_at":"2023-10-10T20:15:54Z","abstract_excerpt":"The rapid progress in open-source large language models (LLMs) is significantly advancing AI development. Extensive efforts have been made before model release to align their behavior with human values, with the primary goal of ensuring their helpfulness and harmlessness. However, even carefully aligned models can be manipulated maliciously, leading to unintended behaviors, known as \"jailbreaks\". These jailbreaks are typically triggered by specific text inputs, often referred to as adversarial prompts. In this work, we propose the generation exploitation attack, an extremely simple approach th"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":true,"formal_links_present":true},"canonical_record":{"source":{"id":"2310.06987","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CL","submitted_at":"2023-10-10T20:15:54Z","cross_cats_sorted":["cs.AI","cs.CR"],"title_canon_sha256":"5f186a839f5029fedc22e2a80147814d1871c88212d9f86a9eacb53073f5763e","abstract_canon_sha256":"4d5e7e816336e929d7d40b745bf87d1f01056f4b4e36a84ac78b01c0d48be3e8"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-17T23:38:46.443047Z","signature_b64":"sIJJtl82eSBFWHgGzB8bBqAgQKHooEJmBlZ43rznB/uv77GfcTEp7Q7fTCpQt7D3e3jqXKvhHNfu2/4P5jMzCg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"3bef8e16e0b0a646e8ff7849a8eae2e40a79ae77c5a54543348eff8abbcd663e","last_reissued_at":"2026-05-17T23:38:46.442598Z","signature_status":"signed_v1","first_computed_at":"2026-05-17T23:38:46.442598Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"Catastrophic Jailbreak of Open-source LLMs via Exploiting Generation","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"Varying decoding parameters and sampling methods jailbreak aligned open-source LLMs, raising misalignment from 0% to over 95%.","cross_cats":["cs.AI","cs.CR"],"primary_cat":"cs.CL","authors_text":"Danqi Chen, Kai Li, Mengzhou Xia, Samyak Gupta, Yangsibo Huang","submitted_at":"2023-10-10T20:15:54Z","abstract_excerpt":"The rapid progress in open-source large language models (LLMs) is significantly advancing AI development. Extensive efforts have been made before model release to align their behavior with human values, with the primary goal of ensuring their helpfulness and harmlessness. However, even carefully aligned models can be manipulated maliciously, leading to unintended behaviors, known as \"jailbreaks\". These jailbreaks are typically triggered by specific text inputs, often referred to as adversarial prompts. In this work, we propose the generation exploitation attack, an extremely simple approach th"},"claims":{"count":4,"items":[{"kind":"strongest_claim","text":"By exploiting different generation strategies, including varying decoding hyper-parameters and sampling methods, we increase the misalignment rate from 0% to more than 95% across 11 language models including LLaMA2, Vicuna, Falcon, and MPT families, outperforming state-of-the-art attacks with 30× lower computational cost.","source":"verdict.strongest_claim","status":"machine_extracted","claim_id":"C1","attestation":"unclaimed"},{"kind":"weakest_assumption","text":"That the high misalignment rates result specifically from the generation exploitation rather than from the choice of test prompts or from model-specific quirks that would not generalize to other prompts or models.","source":"verdict.weakest_assumption","status":"machine_extracted","claim_id":"C2","attestation":"unclaimed"},{"kind":"one_line_summary","text":"Varying decoding strategies such as temperature and sampling methods jailbreaks safety alignments in open-source LLMs, raising misalignment from 0% to over 95% at 30x lower cost than prior attacks.","source":"verdict.one_line_summary","status":"machine_extracted","claim_id":"C3","attestation":"unclaimed"},{"kind":"headline","text":"Varying decoding parameters and sampling methods jailbreak aligned open-source LLMs, raising misalignment from 0% to over 95%.","source":"verdict.pith_extraction.headline","status":"machine_extracted","claim_id":"C4","attestation":"unclaimed"}],"snapshot_sha256":"dfd0c8a92b32a145c080c9241b311f3747d914ea5dbb902a1704056c046babd4"},"source":{"id":"2310.06987","kind":"arxiv","version":1},"verdict":{"id":"4d58dadc-9a8e-4950-a763-4202d91fda83","model_set":{"reader":"grok-4.3"},"created_at":"2026-05-16T21:56:16.545421Z","strongest_claim":"By exploiting different generation strategies, including varying decoding hyper-parameters and sampling methods, we increase the misalignment rate from 0% to more than 95% across 11 language models including LLaMA2, Vicuna, Falcon, and MPT families, outperforming state-of-the-art attacks with 30× lower computational cost.","one_line_summary":"Varying decoding strategies such as temperature and sampling methods jailbreaks safety alignments in open-source LLMs, raising misalignment from 0% to over 95% at 30x lower cost than prior attacks.","pipeline_version":"pith-pipeline@v0.9.0","weakest_assumption":"That the high misalignment rates result specifically from the generation exploitation rather than from the choice of test prompts or from model-specific quirks that would not generalize to other prompts or models.","pith_extraction_headline":"Varying decoding parameters and sampling methods jailbreak aligned open-source LLMs, raising misalignment from 0% to over 95%."},"references":{"count":25,"sample":[{"doi":"","year":null,"title":"PaLM 2 Technical Report","work_id":"905ee9a7-ea61-4a94-bd62-2600cbe3e315","ref_index":1,"cited_arxiv_id":"2305.10403","is_internal_anchor":true},{"doi":"","year":null,"title":"A General Language Assistant as a Laboratory for Alignment","work_id":"a43f9ea0-01be-47d5-b8ee-a1a9f73381c5","ref_index":2,"cited_arxiv_id":"2112.00861","is_internal_anchor":true},{"doi":"","year":null,"title":"Training a Helpful and Harmless Assistant with Reinforcement Learning from Human Feedback","work_id":"a1f2574b-a899-4713-be60-c87ba332656c","ref_index":3,"cited_arxiv_id":"2204.05862","is_internal_anchor":true},{"doi":"","year":null,"title":"Choquette-Choo , Matthew Jagielski, Irena Gao, Anas Awadalla, Pang Wei Koh, Daphne Ippolito, Katherine Lee, Florian Tramer, and Ludwig Schmidt","work_id":"cbf9eae3-40c5-419a-9f5b-335eab5a2bb2","ref_index":4,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":null,"title":"Explore, Establish , Exploit : Red Teaming Language Models from Scratch","work_id":"c346acec-8e7c-4c8c-9091-3ad142e7a978","ref_index":5,"cited_arxiv_id":"","is_internal_anchor":false}],"resolved_work":25,"snapshot_sha256":"cfa6d1c64d262bf5e7e48da8d9dc365c907687f71cc5387b7159af5471373897","internal_anchors":12},"formal_canon":{"evidence_count":2,"snapshot_sha256":"2c7f1c8707dbad0eea3616ee40e041d16fd183337d54ed16bff418a7aabf9c9a"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2310.06987","created_at":"2026-05-17T23:38:46.442674+00:00"},{"alias_kind":"arxiv_version","alias_value":"2310.06987v1","created_at":"2026-05-17T23:38:46.442674+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2310.06987","created_at":"2026-05-17T23:38:46.442674+00:00"},{"alias_kind":"pith_short_12","alias_value":"HPXY4FXAWCTE","created_at":"2026-05-18T12:33:33.725879+00:00"},{"alias_kind":"pith_short_16","alias_value":"HPXY4FXAWCTEN2H7","created_at":"2026-05-18T12:33:33.725879+00:00"},{"alias_kind":"pith_short_8","alias_value":"HPXY4FXA","created_at":"2026-05-18T12:33:33.725879+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":25,"internal_anchor_count":25,"sample":[{"citing_arxiv_id":"2503.02574","citing_title":"LLM-Safety Evaluations Lack Robustness","ref_index":31,"is_internal_anchor":true},{"citing_arxiv_id":"2504.20984","citing_title":"ACE: A Security Architecture for LLM-Integrated App Systems","ref_index":24,"is_internal_anchor":true},{"citing_arxiv_id":"2605.17173","citing_title":"Why Do Safety Guardrails Degrade Across Languages?","ref_index":5,"is_internal_anchor":true},{"citing_arxiv_id":"2401.05561","citing_title":"TrustLLM: Trustworthiness in Large Language Models","ref_index":243,"is_internal_anchor":true},{"citing_arxiv_id":"2510.16558","citing_title":"A First Look at the Security Issues in the Model Context Protocol Ecosystem","ref_index":15,"is_internal_anchor":true},{"citing_arxiv_id":"2404.01833","citing_title":"Great, Now Write an Article About That: The Crescendo Multi-Turn LLM Jailbreak Attack","ref_index":16,"is_internal_anchor":true},{"citing_arxiv_id":"2512.05439","citing_title":"BEAVER: An Efficient Deterministic LLM Verifier","ref_index":26,"is_internal_anchor":true},{"citing_arxiv_id":"2402.10260","citing_title":"A StrongREJECT for Empty Jailbreaks","ref_index":15,"is_internal_anchor":true},{"citing_arxiv_id":"2404.01318","citing_title":"JailbreakBench: An Open Robustness Benchmark for Jailbreaking Large Language Models","ref_index":17,"is_internal_anchor":true},{"citing_arxiv_id":"2310.03684","citing_title":"SmoothLLM: Defending Large Language Models Against Jailbreaking Attacks","ref_index":30,"is_internal_anchor":true},{"citing_arxiv_id":"2406.11717","citing_title":"Refusal in Language Models Is Mediated by a Single Direction","ref_index":139,"is_internal_anchor":true},{"citing_arxiv_id":"2605.10639","citing_title":"Navigating the Sea of LLM Evaluation: Investigating Bias in Toxicity Benchmarks","ref_index":11,"is_internal_anchor":true},{"citing_arxiv_id":"2605.00195","citing_title":"Diversity in Large Language Models under Supervised Fine-Tuning","ref_index":68,"is_internal_anchor":true},{"citing_arxiv_id":"2605.08513","citing_title":"A Single Neuron Is Sufficient to Bypass Safety Alignment in Large Language Models","ref_index":29,"is_internal_anchor":true},{"citing_arxiv_id":"2604.22167","citing_title":"Estimating Tail Risks in Language Model Output Distributions","ref_index":19,"is_internal_anchor":true},{"citing_arxiv_id":"2605.01899","citing_title":"Disentangling Intent from Role: Adversarial Self-Play for Persona-Invariant Safety Alignment","ref_index":54,"is_internal_anchor":true},{"citing_arxiv_id":"2604.22089","citing_title":"Ethics Testing: Proactive Identification of Generative AI System Harms","ref_index":36,"is_internal_anchor":true},{"citing_arxiv_id":"2605.01687","citing_title":"MultiBreak: A Scalable and Diverse Multi-turn Jailbreak Benchmark for Evaluating LLM Safety","ref_index":22,"is_internal_anchor":true},{"citing_arxiv_id":"2604.08524","citing_title":"What Drives Representation Steering? A Mechanistic Case Study on Steering Refusal","ref_index":16,"is_internal_anchor":true},{"citing_arxiv_id":"2604.07835","citing_title":"Silencing the Guardrails: Inference-Time Jailbreaking via Dynamic Contextual Representation Ablation","ref_index":3,"is_internal_anchor":true},{"citing_arxiv_id":"2604.07403","citing_title":"RefineRAG: Word-Level Poisoning Attacks via Retriever-Guided Text Refinement","ref_index":11,"is_internal_anchor":true},{"citing_arxiv_id":"2604.15415","citing_title":"HarmfulSkillBench: How Do Harmful Skills Weaponize Your Agents?","ref_index":25,"is_internal_anchor":true},{"citing_arxiv_id":"2604.15780","citing_title":"Pruning Unsafe Tickets: A Resource-Efficient Framework for Safer and More Robust LLMs","ref_index":21,"is_internal_anchor":true},{"citing_arxiv_id":"2604.18803","citing_title":"LLM-as-Judge Framework for Evaluating Tone-Induced Hallucination in Vision-Language Models","ref_index":34,"is_internal_anchor":true},{"citing_arxiv_id":"2605.00195","citing_title":"Diversity in Large Language Models under Supervised Fine-Tuning","ref_index":68,"is_internal_anchor":true}]},"formal_canon":{"evidence_count":2,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/HPXY4FXAWCTEN2H7PBE2R2XC4Q","json":"https://pith.science/pith/HPXY4FXAWCTEN2H7PBE2R2XC4Q.json","graph_json":"https://pith.science/api/pith-number/HPXY4FXAWCTEN2H7PBE2R2XC4Q/graph.json","events_json":"https://pith.science/api/pith-number/HPXY4FXAWCTEN2H7PBE2R2XC4Q/events.json","paper":"https://pith.science/paper/HPXY4FXA"},"agent_actions":{"view_html":"https://pith.science/pith/HPXY4FXAWCTEN2H7PBE2R2XC4Q","download_json":"https://pith.science/pith/HPXY4FXAWCTEN2H7PBE2R2XC4Q.json","view_paper":"https://pith.science/paper/HPXY4FXA","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2310.06987&json=true","fetch_graph":"https://pith.science/api/pith-number/HPXY4FXAWCTEN2H7PBE2R2XC4Q/graph.json","fetch_events":"https://pith.science/api/pith-number/HPXY4FXAWCTEN2H7PBE2R2XC4Q/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/HPXY4FXAWCTEN2H7PBE2R2XC4Q/action/timestamp_anchor","attest_storage":"https://pith.science/pith/HPXY4FXAWCTEN2H7PBE2R2XC4Q/action/storage_attestation","attest_author":"https://pith.science/pith/HPXY4FXAWCTEN2H7PBE2R2XC4Q/action/author_attestation","sign_citation":"https://pith.science/pith/HPXY4FXAWCTEN2H7PBE2R2XC4Q/action/citation_signature","submit_replication":"https://pith.science/pith/HPXY4FXAWCTEN2H7PBE2R2XC4Q/action/replication_record"}},"created_at":"2026-05-17T23:38:46.442674+00:00","updated_at":"2026-05-17T23:38:46.442674+00:00"}