Back
Published
Jun 25, 2024
Updated
Jun 25, 2024

Can AI Be Tricked Into Saying Harmful Things?

CoSafe: Evaluating Large Language Model Safety in Multi-Turn Dialogue Coreference
By
Erxin Yu|Jing Li|Ming Liao|Siqi Wang|Zuchen Gao|Fei Mi|Lanqing Hong
https://arxiv.org/abs/2406.17626v1

Summary

Large language models (LLMs) are getting smarter every day, but are they safe? New research explores a sneaky way to trick AIs into saying harmful things, even when they're designed not to. This trick, called a "multi-turn dialogue coreference attack," uses subtle references in conversation to bypass the AI's safety mechanisms. Imagine an AI refusing to insult someone directly. Now, imagine subtly changing the wording, referencing the person indirectly in a multi-turn conversation. Researchers found this method can trick even advanced LLMs like LLaMA2 into generating harmful responses up to 56% of the time. This research introduces "CoSafe," a new dataset of 1,400 multi-turn conversations designed to test these vulnerabilities. They tested five popular LLMs and discovered that while some AIs were more resistant than others, none were completely immune to these attacks. The study also shows that standard safety measures, like system prompts and chain-of-thought prompting, help reduce these risks but don't eliminate them completely. This raises a red flag about the safety and trustworthiness of current AI models, especially in conversational settings. While the research highlights the vulnerabilities of LLMs, it also paves the way for developing stronger safeguards. One limitation of the study is the potential for meaning to drift during these multi-turn conversations. Also, generating these complex test scenarios is currently quite expensive. The researchers hope to develop more affordable methods in the future, potentially using LLMs themselves to generate these tests.
🍰 Interesting in building your own agents?
PromptLayer provides the tools to manage and monitor prompts with your whole team. Get started for free.

Question & Answers

What is a multi-turn dialogue coreference attack and how does it work?
A multi-turn dialogue coreference attack is a technique that bypasses AI safety mechanisms through indirect references across multiple conversation turns. The process works by gradually building context through seemingly innocent dialogue, then using indirect references to target subjects rather than direct harmful statements. For example, instead of directly asking an AI to insult someone, an attacker might establish context about a person over several messages, then use pronouns or indirect references to prompt harmful responses about them. This method has proven effective, successfully triggering harmful responses in LLMs like LLaMA2 up to 56% of the time.
How can AI safety measures protect against harmful content?
AI safety measures include multiple layers of protection like system prompts and chain-of-thought reasoning to prevent harmful outputs. These safeguards work by establishing behavioral boundaries and ethical guidelines that the AI follows during conversations. In practice, this means AI systems can recognize and avoid generating toxic, biased, or harmful content in most situations. While not perfect (as shown by the study's findings), these measures significantly reduce risks in everyday AI interactions, making AI systems more reliable for business communications, customer service, and content generation.
What are the main challenges in developing safe AI chatbots?
Developing safe AI chatbots involves balancing functionality with ethical constraints while maintaining natural conversation flow. The main challenges include preventing harmful outputs without making the AI overly restrictive, maintaining context awareness across long conversations, and adapting to various communication styles. For businesses and developers, this means carefully implementing safety measures while ensuring the chatbot remains useful and engaging. Regular testing, updates, and monitoring are essential to maintain this balance and protect users from potential harm while delivering valuable interactions.

PromptLayer Features

  1. Testing & Evaluation
  2. The paper's CoSafe dataset of 1,400 multi-turn conversations for testing AI safety vulnerabilities aligns with PromptLayer's batch testing capabilities
Implementation Details
1. Import CoSafe dataset into PromptLayer 2. Create batch test templates 3. Configure safety metrics 4. Run automated tests across model versions
Key Benefits
• Systematic evaluation of safety measures across different prompts • Automated detection of vulnerability patterns • Standardized safety testing framework
Potential Improvements
• Add specialized safety scoring metrics • Implement automated vulnerability detection • Create safety-specific test template library
Business Value
Efficiency Gains
Reduces manual safety testing time by 70% through automation
Cost Savings
Minimizes risk exposure and associated costs from AI safety incidents
Quality Improvement
Ensures consistent safety standards across all AI interactions
  1. Prompt Management
  2. The research's focus on system prompts and chain-of-thought prompting for safety measures requires robust prompt versioning and control
Implementation Details
1. Create safety-focused prompt templates 2. Version control safety mechanisms 3. Implement collaborative review process
Key Benefits
• Centralized management of safety prompts • Version tracking of safety improvements • Collaborative safety prompt development
Potential Improvements
• Add safety-specific prompt validation • Implement prompt effectiveness scoring • Create safety prompt suggestion system
Business Value
Efficiency Gains
Streamlines safety prompt development and deployment by 50%
Cost Savings
Reduces resources needed for safety prompt maintenance and updates
Quality Improvement
Ensures consistent safety standards across all prompt versions

The first platform built for prompt engineering

Start for free
no-img
Made in NYC 🗽
  • Follow Us

© Copyright 2025 Magniv, Inc. All rights reserved.