The TIP of the Iceberg: Revealing a Hidden Class of Task-in-Prompt Adversarial Attacks on LLMs

Sergey Berezin; Reza Farahbakhsh; Noel Crespi

doi:10.18653/v1/2025.acl-long.334

The TIP of the Iceberg: Revealing a Hidden Class of Task-in-Prompt Adversarial Attacks on LLMs

Sergey Berezin
, Reza Farahbakhsh
, Noel Crespi

Telecom Sudparis

Résultats de recherche: Le chapitre dans un livre, un rapport, une anthologie ou une collection › Contribution à une conférence › Revue par des pairs

Résumé

We present a novel class of jailbreak adversarial attacks on LLMs, termed Task-in-Prompt (TIP) attacks. Our approach embeds sequence-to-sequence tasks (e.g., cipher decoding, riddles, code execution) into the model's prompt to indirectly generate prohibited inputs. To systematically assess the effectiveness of these attacks, we introduce the PHRYGE benchmark. We demonstrate that our techniques successfully circumvent safeguards in six state-of-the-art language models, including GPT-4o and LLaMA 3.2. Our findings highlight critical weaknesses in current LLM safety alignment and underscore the urgent need for more sophisticated defence strategies.

langue originale	Anglais
titre	Long Papers
rédacteurs en chef	Wanxiang Che, Joyce Nabende, Ekaterina Shutova, Mohammad Taher Pilehvar
Editeur	Association for Computational Linguistics (ACL)
Pages	6716-6730
Nombre de pages	15
ISBN (Electronique)	9798891762510
Les DOIs	https://doi.org/10.18653/v1/2025.acl-long.334
état	Publié - 1 janv. 2025
Evénement	63rd Annual Meeting of the Association for Computational Linguistics, ACL 2025 - Vienna, Autriche Durée: 27 juil. 2025 → 1 août 2025

Série de publications

Nom	Proceedings of the Annual Meeting of the Association for Computational Linguistics
Volume	1
ISSN (imprimé)	0736-587X

Une conférence

Une conférence	63rd Annual Meeting of the Association for Computational Linguistics, ACL 2025
Pays/Territoire	Autriche
La ville	Vienna
période	27/07/25 → 1/08/25

Accès au document

10.18653/v1/2025.acl-long.334

Autres fichiers et liens

Lien vers la publication dans Scopus

Contient cette citation

Berezin, S., Farahbakhsh, R., & Crespi, N. (2025). The TIP of the Iceberg: Revealing a Hidden Class of Task-in-Prompt Adversarial Attacks on LLMs. Dans W. Che, J. Nabende, E. Shutova, & M. T. Pilehvar (eds.), Long Papers (p. 6716-6730). (Proceedings of the Annual Meeting of the Association for Computational Linguistics; Vol 1). Association for Computational Linguistics (ACL). https://doi.org/10.18653/v1/2025.acl-long.334

Berezin, Sergey ; Farahbakhsh, Reza ; Crespi, Noel. / The TIP of the Iceberg : Revealing a Hidden Class of Task-in-Prompt Adversarial Attacks on LLMs. Long Papers. Editeur / Wanxiang Che ; Joyce Nabende ; Ekaterina Shutova ; Mohammad Taher Pilehvar. Association for Computational Linguistics (ACL), 2025. p. 6716-6730 (Proceedings of the Annual Meeting of the Association for Computational Linguistics).

@inproceedings{5dfe3e451efb40d7a3bcf95b8020bfdd,

title = "The TIP of the Iceberg: Revealing a Hidden Class of Task-in-Prompt Adversarial Attacks on LLMs",

abstract = "We present a novel class of jailbreak adversarial attacks on LLMs, termed Task-in-Prompt (TIP) attacks. Our approach embeds sequence-to-sequence tasks (e.g., cipher decoding, riddles, code execution) into the model's prompt to indirectly generate prohibited inputs. To systematically assess the effectiveness of these attacks, we introduce the PHRYGE benchmark. We demonstrate that our techniques successfully circumvent safeguards in six state-of-the-art language models, including GPT-4o and LLaMA 3.2. Our findings highlight critical weaknesses in current LLM safety alignment and underscore the urgent need for more sophisticated defence strategies.",

author = "Sergey Berezin and Reza Farahbakhsh and Noel Crespi",

note = "Publisher Copyright: {\textcopyright} 2025 Association for Computational Linguistics.; 63rd Annual Meeting of the Association for Computational Linguistics, ACL 2025 ; Conference date: 27-07-2025 Through 01-08-2025",

year = "2025",

month = jan,

day = "1",

doi = "10.18653/v1/2025.acl-long.334",

language = "English",

series = "Proceedings of the Annual Meeting of the Association for Computational Linguistics",

publisher = "Association for Computational Linguistics (ACL)",

pages = "6716--6730",

editor = "Wanxiang Che and Joyce Nabende and Ekaterina Shutova and Pilehvar, \{Mohammad Taher\}",

booktitle = "Long Papers",

}

Berezin, S, Farahbakhsh, R & Crespi, N 2025, The TIP of the Iceberg: Revealing a Hidden Class of Task-in-Prompt Adversarial Attacks on LLMs. Dans W Che, J Nabende, E Shutova & MT Pilehvar (eds), Long Papers. Proceedings of the Annual Meeting of the Association for Computational Linguistics, VOL. 1, Association for Computational Linguistics (ACL), p. 6716-6730, 63rd Annual Meeting of the Association for Computational Linguistics, ACL 2025, Vienna, Autriche, 27/07/25. https://doi.org/10.18653/v1/2025.acl-long.334

The TIP of the Iceberg: Revealing a Hidden Class of Task-in-Prompt Adversarial Attacks on LLMs. / Berezin, Sergey; Farahbakhsh, Reza; Crespi, Noel.
Long Papers. Ed. / Wanxiang Che; Joyce Nabende; Ekaterina Shutova; Mohammad Taher Pilehvar. Association for Computational Linguistics (ACL), 2025. p. 6716-6730 (Proceedings of the Annual Meeting of the Association for Computational Linguistics; Vol 1).

Résultats de recherche: Le chapitre dans un livre, un rapport, une anthologie ou une collection › Contribution à une conférence › Revue par des pairs

TY - GEN

T1 - The TIP of the Iceberg

T2 - 63rd Annual Meeting of the Association for Computational Linguistics, ACL 2025

AU - Berezin, Sergey

AU - Farahbakhsh, Reza

AU - Crespi, Noel

PY - 2025/1/1

Y1 - 2025/1/1

N2 - We present a novel class of jailbreak adversarial attacks on LLMs, termed Task-in-Prompt (TIP) attacks. Our approach embeds sequence-to-sequence tasks (e.g., cipher decoding, riddles, code execution) into the model's prompt to indirectly generate prohibited inputs. To systematically assess the effectiveness of these attacks, we introduce the PHRYGE benchmark. We demonstrate that our techniques successfully circumvent safeguards in six state-of-the-art language models, including GPT-4o and LLaMA 3.2. Our findings highlight critical weaknesses in current LLM safety alignment and underscore the urgent need for more sophisticated defence strategies.

AB - We present a novel class of jailbreak adversarial attacks on LLMs, termed Task-in-Prompt (TIP) attacks. Our approach embeds sequence-to-sequence tasks (e.g., cipher decoding, riddles, code execution) into the model's prompt to indirectly generate prohibited inputs. To systematically assess the effectiveness of these attacks, we introduce the PHRYGE benchmark. We demonstrate that our techniques successfully circumvent safeguards in six state-of-the-art language models, including GPT-4o and LLaMA 3.2. Our findings highlight critical weaknesses in current LLM safety alignment and underscore the urgent need for more sophisticated defence strategies.

UR - https://www.scopus.com/pages/publications/105021039451

U2 - 10.18653/v1/2025.acl-long.334

DO - 10.18653/v1/2025.acl-long.334

M3 - Conference contribution

AN - SCOPUS:105021039451

T3 - Proceedings of the Annual Meeting of the Association for Computational Linguistics

SP - 6716

EP - 6730

BT - Long Papers

A2 - Che, Wanxiang

A2 - Nabende, Joyce

A2 - Shutova, Ekaterina

A2 - Pilehvar, Mohammad Taher

PB - Association for Computational Linguistics (ACL)

Y2 - 27 July 2025 through 1 August 2025

ER -

Berezin S, Farahbakhsh R, Crespi N. The TIP of the Iceberg: Revealing a Hidden Class of Task-in-Prompt Adversarial Attacks on LLMs. Dans Che W, Nabende J, Shutova E, Pilehvar MT, rédacteurs en chef, Long Papers. Association for Computational Linguistics (ACL). 2025. p. 6716-6730. (Proceedings of the Annual Meeting of the Association for Computational Linguistics). doi: 10.18653/v1/2025.acl-long.334

The TIP of the Iceberg: Revealing a Hidden Class of Task-in-Prompt Adversarial Attacks on LLMs

Résumé

Série de publications

Une conférence

Accès au document

Autres fichiers et liens

Empreinte digitale

Contient cette citation