Abstract

Large language models (LLMs) are designed to align with human values in theirresponses. This study exploits LLMs with an iterative prompting technique whereeach prompt is systematically modified and refined across multiple iterationsto enhance its effectiveness in jailbreaking attacks progressively. Thistechnique involves analyzing the response patterns of LLMs, including GPT-3.5,GPT-4, LLaMa2, Vicuna, and ChatGLM, allowing us to adjust and optimize promptsto evade the LLMs' ethical and security constraints. Persuasion strategiesenhance prompt effectiveness while maintaining consistency with maliciousintent. Our results show that the attack success rates (ASR) increase as theattacking prompts become more refined with the highest ASR of 90% for GPT4 andChatGLM and the lowest ASR of 68% for LLaMa2. Our technique outperformsbaseline techniques (PAIR and PAP) in ASR and shows comparable performance withGCG and ArtPrompt.