{"id":"https://openalex.org/W4391987582","doi":"https://doi.org/10.48550/arxiv.2402.11753","title":"ArtPrompt: ASCII Art-based Jailbreak Attacks against Aligned LLMs","display_name":"ArtPrompt: ASCII Art-based Jailbreak Attacks against Aligned LLMs","publication_year":2024,"publication_date":"2024-02-19","ids":{"openalex":"https://openalex.org/W4391987582","doi":"https://doi.org/10.48550/arxiv.2402.11753"},"language":"en","primary_location":{"id":"pmh:oai:arXiv.org:2402.11753","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2402.11753","pdf_url":"https://arxiv.org/pdf/2402.11753","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},"type":"preprint","indexed_in":["arxiv","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2402.11753","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5007846132","display_name":"Fengqing Jiang","orcid":"https://orcid.org/0009-0002-9077-2399"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Jiang, Fengqing","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028990387","display_name":"Zhangchen Xu","orcid":"https://orcid.org/0000-0002-6971-412X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xu, Zhangchen","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5018806127","display_name":"Luyao Niu","orcid":"https://orcid.org/0000-0001-8591-5522"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Niu, Luyao","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085283385","display_name":"Zhen Xiang","orcid":"https://orcid.org/0000-0002-4284-2041"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xiang, Zhen","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052064870","display_name":"Bhaskar Ramasubramanian","orcid":"https://orcid.org/0000-0002-2166-7838"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ramasubramanian, Bhaskar","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100374415","display_name":"Bo Li","orcid":"https://orcid.org/0000-0002-3226-388X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Li, Bo","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5079723268","display_name":"Radha Poovendran","orcid":"https://orcid.org/0000-0003-0269-8097"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Poovendran, Radha","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5007846132"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":7,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9958000183105469,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9958000183105469,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T13999","display_name":"Digital Rights Management and Security","score":0.9818000197410583,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T13851","display_name":"Law, AI, and Intellectual Property","score":0.9502000212669373,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/ascii","display_name":"ASCII","score":0.7329423427581787},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.42486122250556946},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.3504146933555603},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.2303161919116974},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.07902911305427551}],"concepts":[{"id":"https://openalex.org/C196832560","wikidata":"https://www.wikidata.org/wiki/Q8815","display_name":"ASCII","level":2,"score":0.7329423427581787},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.42486122250556946},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.3504146933555603},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.2303161919116974},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.07902911305427551}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:oai:arXiv.org:2402.11753","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2402.11753","pdf_url":"https://arxiv.org/pdf/2402.11753","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},{"id":"doi:10.48550/arxiv.2402.11753","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2402.11753","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2402.11753","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2402.11753","pdf_url":"https://arxiv.org/pdf/2402.11753","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320306101","display_name":"National Aeronautics and Space Administration","ror":"https://ror.org/027ka1x80"},{"id":"https://openalex.org/F4320306110","display_name":"U.S. Department of Homeland Security","ror":"https://ror.org/00jyr0d86"},{"id":"https://openalex.org/F4320322037","display_name":"Nuclear Safety and Security Commission","ror":"https://ror.org/05qk3ge34"},{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"},{"id":"https://openalex.org/F4320338279","display_name":"Air Force Office of Scientific Research","ror":"https://ror.org/011e9bt93"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4391987582.pdf","grobid_xml":"https://content.openalex.org/works/W4391987582.grobid-xml"},"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W629813691","https://openalex.org/W1642511318","https://openalex.org/W922862503","https://openalex.org/W3156694032","https://openalex.org/W2048356074","https://openalex.org/W2941649707","https://openalex.org/W1524330646","https://openalex.org/W3125143615","https://openalex.org/W3121534999","https://openalex.org/W1741151920"],"abstract_inverted_index":{"Safety":[0],"is":[1,206],"critical":[2],"to":[3,23,56,75,98,127,158,173],"the":[4,100,132,143,149,174],"usage":[5],"of":[6,38,64,72,102,134,152],"large":[7],"language":[8],"models":[9],"(LLMs).":[10],"Multiple":[11],"techniques":[12,30],"such":[13],"as":[14],"data":[15],"filtering":[16],"and":[17,90,124,162,189,195],"supervised":[18],"fine-tuning":[19],"have":[20],"been":[21],"developed":[22],"strengthen":[24],"LLM":[25],"safety.":[26],"However,":[27],"currently":[28],"known":[29],"presume":[31],"that":[32,107,116,191],"corpora":[33],"used":[34],"for":[35],"safety":[36,160],"alignment":[37],"LLMs":[39,103,119,153],"are":[40],"solely":[41,110],"interpreted":[42,111],"by":[43,112],"semantics.":[44,113],"This":[45],"assumption,":[46],"however,":[47],"does":[48],"not":[49],"hold":[50],"in":[51,59,104,131,154],"real-world":[52],"applications,":[53],"which":[54,147],"leads":[55],"severe":[57],"vulnerabilities":[58],"LLMs.":[60,167,203],"For":[61],"example,":[62],"users":[63],"forums":[65],"often":[66],"use":[67],"ASCII":[68,86,135,156],"art,":[69,74],"a":[70,84,92,179],"form":[71,133],"text-based":[73],"convey":[76],"image":[77],"information.":[78],"In":[79],"this":[80,139],"paper,":[81],"we":[82,141],"propose":[83],"novel":[85],"art-based":[87],"jailbreak":[88,144],"attack":[89,145],"introduce":[91],"comprehensive":[93],"benchmark":[94],"Vision-in-Text":[95],"Challenge":[96],"(ViTC)":[97],"evaluate":[99,183],"capabilities":[101],"recognizing":[105,155],"prompts":[106,129],"cannot":[108],"be":[109],"We":[114,182],"show":[115,190],"five":[117,186,202],"SOTA":[118,187],"(GPT-3.5,":[120],"GPT-4,":[121],"Gemini,":[122],"Claude,":[123],"Llama2)":[125],"struggle":[126],"recognize":[128],"provided":[130],"art.":[136],"Based":[137],"on":[138,185],"observation,":[140],"develop":[142],"ArtPrompt,":[146],"leverages":[148],"poor":[150],"performance":[151],"art":[157],"bypass":[159],"measures":[161],"elicit":[163],"undesired":[164,198],"behaviors":[165,199],"from":[166,200],"ArtPrompt":[168,184,192],"only":[169],"requires":[170],"black-box":[171],"access":[172],"victim":[175],"LLMs,":[176,188],"making":[177],"it":[178],"practical":[180],"attack.":[181],"can":[193],"effectively":[194],"efficiently":[196],"induce":[197],"all":[201],"Our":[204],"code":[205],"available":[207],"at":[208],"https://github.com/uw-nsl/ArtPrompt.":[209]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":4}],"updated_date":"2026-02-09T09:26:11.010843","created_date":"2025-10-10T00:00:00"}