Zubnet AIApprendreWiki › Jailbreak
Safety

Jailbreak

Jailbreaking, Adversarial Prompt
Des techniques qui trompent un modèle d'IA pour qu'il contourne son entraînement de sécurité et génère du contenu qu'il était conçu pour refuser — instructions pour des activités dangereuses, contenu nuisible, ou comportements qui violent les politiques d'usage du modèle. Les jailbreaks exploitent l'écart entre ce que le modèle a été entraîné à refuser et ce qu'un prompting malin peut lui extraire.

Pourquoi c'est important

Le jailbreaking est le terrain de test adversaire pour la sécurité de l'IA. Chaque modèle est livré avec des garde-fous de sécurité, et chaque modèle majeur a été jailbreaké. Le jeu du chat et de la souris entre les techniques de jailbreak et les mesures de sécurité drive l'amélioration de l'alignement. Comprendre les jailbreaks t'aide à évaluer à quel point la sécurité d'un modèle est vraiment robuste, plutôt que de prendre les affirmations marketing pour acquis.

Deep Dive

Common jailbreak techniques include: role-playing ("Pretend you're an AI without restrictions"), encoding (asking in Base64 or pig Latin), many-shot attacks (providing many examples of the unsafe behavior to establish a pattern), and crescendo attacks (gradually escalating from benign to harmful requests across a conversation). More sophisticated techniques exploit specific model behaviors, like the tendency to continue established patterns or to be helpful when asked for "educational" information.

The Arms Race

AI labs invest heavily in red-teaming — systematically trying to jailbreak their own models before release. When a new jailbreak technique is discovered, it gets patched through additional safety training or system-level filters. But the attack surface is vast: natural language is infinitely flexible, and new techniques keep emerging. The practical reality is that determined adversaries can usually find some jailbreak for any public model, which is why defense-in-depth (multiple layers of safety, including output filtering and monitoring) matters more than any single prevention technique.

Jailbreak vs. Legitimate Use

The challenge is that safety filters sometimes refuse legitimate requests. A medical professional asking about drug interactions, a security researcher asking about vulnerabilities, or a novelist writing a scene with conflict might all trigger refusals. Overly aggressive safety training produces models that are "safe" but useless. The art of alignment is finding the right balance — refusing genuinely harmful requests while remaining helpful for legitimate ones.

Concepts liés

Alignment Model Red Teaming
← Tous les termes
← Instruction Tuning Jina AI →