Crescendo Jailbreaking

Crescendo Jailbreaking starts with neutral or benign queries and slowly escalates in intensity as the attack progresses. Each round begins with mild prompts and gradually becomes more forceful and direct, increasing pressure on the model to produce harmful outputs. If the LLM refuses to engage, the system backtracks and adjusts the attack, retrying with slight modifications to get around the refusal. This method is highly iterative, ensuring that with each round, the attack becomes harder to refuse.

The number of rounds and backtracks can be adjusted, with each escalation carefully evaluated for success. Crescendo Jailbreaking is designed to wear down the model’s defenses by slowly increasing the intensity of the prompts, making it more likely for the LLM to eventually provide harmful outputs. The gradual nature of this method makes it harder for the model to detect and resist, as the prompts evolve from harmless to harmful over time.

Usage

to be documented...

Example

to be documented...