universal-adversarial-suffixappends a fixed string of weird tokens that breaks safety across many prompts.gradient-attackuses the model’s own math signals to craft an input that forces a bad answer.synonym-substitution-attackswaps words for synonyms to slip past filters while keeping the meaning.safety-classifier-evasionreshapes a request so the safety filter does not flag it.transferable-attackcrafts an attack on one model and reuses it on another.
Attack Strategies
Adversarial Machine Learning: Attack Strategy
These attacks add small, carefully chosen changes to a prompt to trick the model. The goal is to make it misbehave or skip its safety checks without an obv
What it is: These attacks add small, carefully chosen changes to a prompt to trick the model. The goal is to make it misbehave or skip its safety checks without an obvious bad request.
How the attacks work: The attacker tweaks words, characters, or tokens in ways that look harmless to a human but confuse the model. Many use search or optimization to find the exact change that flips the output, then reuse it.
Real examples from the framework: