GPT-4V has attracted considerable attention due to its extraordinary capacity for integrating and processing multimodal information. At the same time, its ability of face recognition raises new safety concerns of privacy leakage. Despite researchers' efforts in safety alignment through RLHF or preprocessing filters, vulnerabilities might still be exploited. In our study, we introduce AutoJailbreak, an innovative automatic jailbreak technique inspired by prompt optimization. We leverage Large Language Models (LLMs) for red-teaming to refine the jailbreak prompt and employ weak-to-strong in-context learning prompts to boost efficiency. Furthermore, we present an effective search method that incorporates early stopping to minimize optimization time and token expenditure. Our experiments demonstrate that AutoJailbreak significantly surpasses conventional methods, achieving an Attack Success Rate (ASR) exceeding 95.3\%. This research sheds light on strengthening GPT-4V security, underscoring the potential for LLMs to be exploited in compromising GPT-4V integrity.

本研究解决了GPT-4V在隐私泄露方面的安全隐患，提出了一种名为AutoJailbreak的自动破解技术。通过利用大型语言模型进行优化提示和高效搜索方法，我们的实验结果显示该技术的攻击成功率超过95.3%，显著优于传统方法，凸显了大型语言模型在强化GPT-4V安全性中的作用。

大型语言模型能自动破解GPT-4V吗？