Previous research on testing the vulnerabilities in Large Language Models (LLMs) using adversarial attacks has primarily focused on nonsensical prompt injections, which are easily detected upon manual or automated review (e.g., via byte entropy). However, the exploration of innocuous human-understandable malicious prompts augmented with adversarial injections remains limited. In this research, we explore converting a nonsensical suffix attack into a sensible prompt via a situation-driven contextual re-writing. This allows us to show suffix conversion without any gradients, using only LLMs to perform the attacks, and thus better understand the scope of possible risks. We combine an independent, meaningful adversarial insertion and situations derived from movies to check if this can trick an LLM. The situations are extracted from the IMDB dataset, and prompts are defined following a few-shot chain-of-thought prompting. Our approach demonstrates that a successful situation-driven attack can be executed on both open-source and proprietary LLMs. We find that across many LLMs, as few as 1 attempt produces an attack and that these attacks transfer between LLMs.

本研究解决了大型语言模型（LLM）脆弱性测试中对无意义提示注入的关注不足，通过情境驱动的上下文重写将无意义后缀攻击转换为有意义的提示。研究发现，在许多LLM中，仅需一次尝试即可成功执行对抗性攻击，并且这些攻击在不同的LLM之间具有迁移性。

人类可解释的、有情境背景的大型语言模型对抗性提示攻击