Jailbreaking with Universal Multi-Prompts

Yu-Ling Hsu, Hsuan Su, Shang-Tse Chen

Abstract
Large language models (LLMs) have seen rapid development in recent years, revolutionizing various applications and significantly enhancing convenience and productivity. However, alongside their impressive capabilities, ethical concerns and new types of attacks, such as jailbreaking, have emerged. While most prompting techniques focus on optimizing adversarial inputs for individual cases, resulting in higher computational costs when dealing with large datasets. Less research has addressed the more general setting of training a universal attacker that can transfer to unseen tasks. In this paper, we introduce JUMP, a prompt-based method designed to jailbreak LLMs using universal multi-prompts. We also adapt our approach for defense, which we term DUMP. Experimental results demonstrate that our method for optimizing universal multi-prompts outperforms existing techniques.
Anthology ID:
2025.findings-naacl.274
Volume:
Findings of the Association for Computational Linguistics: NAACL 2025
Month:
April
Year:
2025
Address:
Albuquerque, New Mexico
Editors:
Luis Chiruzzo, Alan Ritter, Lu Wang
Venue:
Findings
SIG:
Publisher:
Association for Computational Linguistics
Note:
Pages:
4870–4891
Language:
URL:
https://aclanthology.org/2025.findings-naacl.274/
DOI:
10.18653/v1/2025.findings-naacl.274
Bibkey:
Cite (ACL):
Yu-Ling Hsu, Hsuan Su, and Shang-Tse Chen. 2025. Jailbreaking with Universal Multi-Prompts. In Findings of the Association for Computational Linguistics: NAACL 2025, pages 4870–4891, Albuquerque, New Mexico. Association for Computational Linguistics.
Cite (Informal):
Jailbreaking with Universal Multi-Prompts (Hsu et al., Findings 2025)
Copy Citation:
PDF:
https://aclanthology.org/2025.findings-naacl.274.pdf
PDF Cite Search Fix data