Take AISafety.info’s 3 minute survey to help inform our strategy and priorities

Take the survey
Alignment research
Current techniques
What alignment techniques are used on LLMs?
What is reinforcement learning from human feedback (RLHF)?
What is "Constitutional AI"?
What is "jailbreaking" a large language model (LLM)?
What is adversarial training?
How does Redwood Research do adversarial training?
How does DeepMind do adversarial training?
Benchmarks and evals
How is red teaming used in AI alignment?
What is the Abstraction and Reasoning Corpus (ARC)?
Prosaic alignment
What is prosaic alignment?
What is "externalized reasoning oversight"?
What is Iterated Distillation and Amplification (IDA)?
What is AI Safety via Debate?
What is "HCH"?
What is Eliciting Latent Knowledge (ELK)?
What is discovering latent knowledge (DLK)?
How is the Alignment Research Center (ARC) trying to solve Eliciting Latent Knowledge (ELK)?
What is superalignment?
What is scalable oversight?
Interpretability
What is interpretability and what approaches are there?
What is the difference between verifiability, interpretability, transparency, and explainability?
How might interpretability be helpful?
What is neural network modularity?
What is feature visualization?
What are polysemantic neurons?
What is a "polytope" in a neural network?
What is mechanistic interpretability?
Agent foundations
What is "agent foundations"?
What is a "quantilizer"?
Would it help to cut off the top few percent of a quantilizer's distribution?
What are “type signatures”?
What are "true names" in the context of AI alignment?
What is Infra-Bayesianism?
Why might a maximizing AI cause bad outcomes?
What is the "natural abstraction hypothesis"?
Other alignment approaches
What is "metaphilosophy" and how does it relate to AI safety?
What is shard theory?
Organizations and agendas
What is everyone working on in AI alignment?
What is FAR AI's research agenda?
What is Anthropic's alignment research agenda?
What technical problems is MIRI working on?
What is OpenAI's alignment research agenda?
What is DeepMind's safety team working on?
What projects is CAIS working on?
What is the Alignment Research Center (ARC)'s research agenda?
What is the Center for AI Safety (CAIS)'s research agenda?
What is Conjecture's research agenda?
What is Ought's research agenda?
What is the Center for Human Compatible AI (CHAI)?
What is the Center on Long-Term Risk (CLR)'s research agenda?
What is Redwood Research's agenda?
What is Obelisk's research agenda?
What is Encultured's research agenda?
What is the UK's AI Security Institute?
What is the AI control research agenda?
Researchers
What is Sam Bowman researching?
What is David Krueger working on?
What are Scott Garrabrant and Abram Demski working on?
What is John Wentworth's research agenda?
What is Aligned AI / Stuart Armstrong working on?

What is "jailbreaking" a large language model (LLM)?

2 min read

Suggest changes in Google Docs

“Jailbreaking” a Large language model

(LLM) means using an adversarially-designed text prompt to bypass the restrictions put on the model by its developer. The most capable LLMs that are publicly available (e.g., ChatGPT) have been shaped to not output certain types of text, including hate speech, incitation to violence, solutions to CAPTCHAs, and instructions for producing weapons.

Examples include the “grandma locket” image jailbreak, the “Do Anything Now” (DAN) jailbreak, and jailbreaks found by automatically generating adversarial prompts.

Overall, techniques like RLHF

and pre-prompting reduce the frequency with which the model responds with harmful or unhelpful content. However, the fact that jailbreaking is possible — and has been relatively easy, even against models that are trained to avoid it — shows that the current best alignment methods aren’t good enough to robustly align models with what their developers want them to do. Jailbreaking is a good illustration of AI alignment being hard, but preventing jailbreaking would not be sufficient to align future AIs, as they might still be vulnerable to emerging problems such as deception.

Further reading:

  • Lakera’s Gandalf is an interactive “game” where you can get a feel for jailbreaking by getting an LLM to reveal its “password”.

Keep Reading

Continue with the next entry in "Alignment research"
What is adversarial training?
Next
Updated Apr 2025

Google Doc

Language ModelsAdversarial TrainingReinforcement LearningDefinitionsLLM

AISafety.info

We’re a global team of specialists and volunteers from various backgrounds who want to ensure that the effects of future AI are beneficial rather than catastrophic.

Get involved

Donate
Code
Write
Join us on Discord
About us

Partner projects

AISafety.com
Alignment Ecosystem Development

© AISafety.info, 2022—2025

Aisafety.info is an Ashgro Inc Project. Ashgro Inc (EIN: 88-4232889) is a 501(c)(3) Public Charity incorporated in Delaware.