Jailbreaking Large Language Models with Symbolic Mathematics Article Swipe
Emet Bethany
,
Mazal Bethany
,
Juan A. Nolazco‐Flores
,
Sumit Kumar Jha
,
Peyman Najafirad
·
YOU?
·
· 2024
· Open Access
·
· DOI: https://doi.org/10.48550/arxiv.2409.11445
YOU?
·
· 2024
· Open Access
·
· DOI: https://doi.org/10.48550/arxiv.2409.11445
Recent advancements in AI safety have led to increased efforts in training and red-teaming large language models (LLMs) to mitigate unsafe content generation. However, these safety mechanisms may not be comprehensive, leaving potential vulnerabilities unexplored. This paper introduces MathPrompt, a novel jailbreaking technique that exploits LLMs' advanced capabilities in symbolic mathematics to bypass their safety mechanisms. By encoding harmful natural language prompts into mathematical problems, we demonstrate a critical vulnerability in current AI safety measures. Our experiments across 13 state-of-the-art LLMs reveal an average attack success rate of 73.6\%, highlighting the inability of existing safety training mechanisms to generalize to mathematically encoded inputs. Analysis of embedding vectors shows a substantial semantic shift between original and encoded prompts, helping explain the attack's success. This work emphasizes the importance of a holistic approach to AI safety, calling for expanded red-teaming efforts to develop robust safeguards across all potential input types and their associated risks.
Related Topics
Metadata
- Type
- preprint
- Language
- en
- Landing Page
- http://arxiv.org/abs/2409.11445
- https://arxiv.org/pdf/2409.11445
- OA Status
- green
- Related Works
- 10
- OpenAlex ID
- https://openalex.org/W4403709724
All OpenAlex metadata
Raw OpenAlex JSON
- OpenAlex ID
-
https://openalex.org/W4403709724Canonical identifier for this work in OpenAlex
- DOI
-
https://doi.org/10.48550/arxiv.2409.11445Digital Object Identifier
- Title
-
Jailbreaking Large Language Models with Symbolic MathematicsWork title
- Type
-
preprintOpenAlex work type
- Language
-
enPrimary language
- Publication year
-
2024Year of publication
- Publication date
-
2024-09-17Full publication date if available
- Authors
-
Emet Bethany, Mazal Bethany, Juan A. Nolazco‐Flores, Sumit Kumar Jha, Peyman NajafiradList of authors in order
- Landing page
-
https://arxiv.org/abs/2409.11445Publisher landing page
- PDF URL
-
https://arxiv.org/pdf/2409.11445Direct link to full text PDF
- Open access
-
YesWhether a free full text is available
- OA status
-
greenOpen access status per OpenAlex
- OA URL
-
https://arxiv.org/pdf/2409.11445Direct OA link when available
- Concepts
-
Computer science, Programming language, Linguistics, Mathematics, PhilosophyTop concepts (fields/topics) attached by OpenAlex
- Cited by
-
0Total citation count in OpenAlex
- Related works (count)
-
10Other works algorithmically related by OpenAlex
Full payload
| id | https://openalex.org/W4403709724 |
|---|---|
| doi | https://doi.org/10.48550/arxiv.2409.11445 |
| ids.doi | https://doi.org/10.48550/arxiv.2409.11445 |
| ids.openalex | https://openalex.org/W4403709724 |
| fwci | |
| type | preprint |
| title | Jailbreaking Large Language Models with Symbolic Mathematics |
| biblio.issue | |
| biblio.volume | |
| biblio.last_page | |
| biblio.first_page | |
| topics[0].id | https://openalex.org/T10320 |
| topics[0].field.id | https://openalex.org/fields/17 |
| topics[0].field.display_name | Computer Science |
| topics[0].score | 0.8233000040054321 |
| topics[0].domain.id | https://openalex.org/domains/3 |
| topics[0].domain.display_name | Physical Sciences |
| topics[0].subfield.id | https://openalex.org/subfields/1702 |
| topics[0].subfield.display_name | Artificial Intelligence |
| topics[0].display_name | Neural Networks and Applications |
| topics[1].id | https://openalex.org/T13650 |
| topics[1].field.id | https://openalex.org/fields/17 |
| topics[1].field.display_name | Computer Science |
| topics[1].score | 0.7976999878883362 |
| topics[1].domain.id | https://openalex.org/domains/3 |
| topics[1].domain.display_name | Physical Sciences |
| topics[1].subfield.id | https://openalex.org/subfields/1702 |
| topics[1].subfield.display_name | Artificial Intelligence |
| topics[1].display_name | Computational Physics and Python Applications |
| topics[2].id | https://openalex.org/T12002 |
| topics[2].field.id | https://openalex.org/fields/17 |
| topics[2].field.display_name | Computer Science |
| topics[2].score | 0.7896999716758728 |
| topics[2].domain.id | https://openalex.org/domains/3 |
| topics[2].domain.display_name | Physical Sciences |
| topics[2].subfield.id | https://openalex.org/subfields/1703 |
| topics[2].subfield.display_name | Computational Theory and Mathematics |
| topics[2].display_name | Computability, Logic, AI Algorithms |
| is_xpac | False |
| apc_list | |
| apc_paid | |
| concepts[0].id | https://openalex.org/C41008148 |
| concepts[0].level | 0 |
| concepts[0].score | 0.5130113959312439 |
| concepts[0].wikidata | https://www.wikidata.org/wiki/Q21198 |
| concepts[0].display_name | Computer science |
| concepts[1].id | https://openalex.org/C199360897 |
| concepts[1].level | 1 |
| concepts[1].score | 0.41515401005744934 |
| concepts[1].wikidata | https://www.wikidata.org/wiki/Q9143 |
| concepts[1].display_name | Programming language |
| concepts[2].id | https://openalex.org/C41895202 |
| concepts[2].level | 1 |
| concepts[2].score | 0.3844512104988098 |
| concepts[2].wikidata | https://www.wikidata.org/wiki/Q8162 |
| concepts[2].display_name | Linguistics |
| concepts[3].id | https://openalex.org/C33923547 |
| concepts[3].level | 0 |
| concepts[3].score | 0.33572784066200256 |
| concepts[3].wikidata | https://www.wikidata.org/wiki/Q395 |
| concepts[3].display_name | Mathematics |
| concepts[4].id | https://openalex.org/C138885662 |
| concepts[4].level | 0 |
| concepts[4].score | 0.08731687068939209 |
| concepts[4].wikidata | https://www.wikidata.org/wiki/Q5891 |
| concepts[4].display_name | Philosophy |
| keywords[0].id | https://openalex.org/keywords/computer-science |
| keywords[0].score | 0.5130113959312439 |
| keywords[0].display_name | Computer science |
| keywords[1].id | https://openalex.org/keywords/programming-language |
| keywords[1].score | 0.41515401005744934 |
| keywords[1].display_name | Programming language |
| keywords[2].id | https://openalex.org/keywords/linguistics |
| keywords[2].score | 0.3844512104988098 |
| keywords[2].display_name | Linguistics |
| keywords[3].id | https://openalex.org/keywords/mathematics |
| keywords[3].score | 0.33572784066200256 |
| keywords[3].display_name | Mathematics |
| keywords[4].id | https://openalex.org/keywords/philosophy |
| keywords[4].score | 0.08731687068939209 |
| keywords[4].display_name | Philosophy |
| language | en |
| locations[0].id | pmh:oai:arXiv.org:2409.11445 |
| locations[0].is_oa | True |
| locations[0].source.id | https://openalex.org/S4306400194 |
| locations[0].source.issn | |
| locations[0].source.type | repository |
| locations[0].source.is_oa | True |
| locations[0].source.issn_l | |
| locations[0].source.is_core | False |
| locations[0].source.is_in_doaj | False |
| locations[0].source.display_name | arXiv (Cornell University) |
| locations[0].source.host_organization | https://openalex.org/I205783295 |
| locations[0].source.host_organization_name | Cornell University |
| locations[0].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[0].license | |
| locations[0].pdf_url | https://arxiv.org/pdf/2409.11445 |
| locations[0].version | submittedVersion |
| locations[0].raw_type | text |
| locations[0].license_id | |
| locations[0].is_accepted | False |
| locations[0].is_published | False |
| locations[0].raw_source_name | |
| locations[0].landing_page_url | http://arxiv.org/abs/2409.11445 |
| locations[1].id | doi:10.48550/arxiv.2409.11445 |
| locations[1].is_oa | True |
| locations[1].source.id | https://openalex.org/S4306400194 |
| locations[1].source.issn | |
| locations[1].source.type | repository |
| locations[1].source.is_oa | True |
| locations[1].source.issn_l | |
| locations[1].source.is_core | False |
| locations[1].source.is_in_doaj | False |
| locations[1].source.display_name | arXiv (Cornell University) |
| locations[1].source.host_organization | https://openalex.org/I205783295 |
| locations[1].source.host_organization_name | Cornell University |
| locations[1].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[1].license | cc-by |
| locations[1].pdf_url | |
| locations[1].version | |
| locations[1].raw_type | article |
| locations[1].license_id | https://openalex.org/licenses/cc-by |
| locations[1].is_accepted | False |
| locations[1].is_published | |
| locations[1].raw_source_name | |
| locations[1].landing_page_url | https://doi.org/10.48550/arxiv.2409.11445 |
| indexed_in | arxiv, datacite |
| authorships[0].author.id | https://openalex.org/A5093744098 |
| authorships[0].author.orcid | |
| authorships[0].author.display_name | Emet Bethany |
| authorships[0].author_position | first |
| authorships[0].raw_author_name | Bethany, Emet |
| authorships[0].is_corresponding | False |
| authorships[1].author.id | https://openalex.org/A5013922720 |
| authorships[1].author.orcid | https://orcid.org/0000-0002-3227-9806 |
| authorships[1].author.display_name | Mazal Bethany |
| authorships[1].author_position | middle |
| authorships[1].raw_author_name | Bethany, Mazal |
| authorships[1].is_corresponding | False |
| authorships[2].author.id | https://openalex.org/A5034103815 |
| authorships[2].author.orcid | https://orcid.org/0000-0002-4187-9352 |
| authorships[2].author.display_name | Juan A. Nolazco‐Flores |
| authorships[2].author_position | middle |
| authorships[2].raw_author_name | Flores, Juan Arturo Nolazco |
| authorships[2].is_corresponding | False |
| authorships[3].author.id | https://openalex.org/A5075978538 |
| authorships[3].author.orcid | https://orcid.org/0000-0003-0354-2940 |
| authorships[3].author.display_name | Sumit Kumar Jha |
| authorships[3].author_position | middle |
| authorships[3].raw_author_name | Jha, Sumit Kumar |
| authorships[3].is_corresponding | False |
| authorships[4].author.id | https://openalex.org/A5017210698 |
| authorships[4].author.orcid | |
| authorships[4].author.display_name | Peyman Najafirad |
| authorships[4].author_position | last |
| authorships[4].raw_author_name | Najafirad, Peyman |
| authorships[4].is_corresponding | False |
| has_content.pdf | False |
| has_content.grobid_xml | False |
| is_paratext | False |
| open_access.is_oa | True |
| open_access.oa_url | https://arxiv.org/pdf/2409.11445 |
| open_access.oa_status | green |
| open_access.any_repository_has_fulltext | False |
| created_date | 2025-10-10T00:00:00 |
| display_name | Jailbreaking Large Language Models with Symbolic Mathematics |
| has_fulltext | False |
| is_retracted | False |
| updated_date | 2025-11-06T06:51:31.235846 |
| primary_topic.id | https://openalex.org/T10320 |
| primary_topic.field.id | https://openalex.org/fields/17 |
| primary_topic.field.display_name | Computer Science |
| primary_topic.score | 0.8233000040054321 |
| primary_topic.domain.id | https://openalex.org/domains/3 |
| primary_topic.domain.display_name | Physical Sciences |
| primary_topic.subfield.id | https://openalex.org/subfields/1702 |
| primary_topic.subfield.display_name | Artificial Intelligence |
| primary_topic.display_name | Neural Networks and Applications |
| related_works | https://openalex.org/W2899084033, https://openalex.org/W2748952813, https://openalex.org/W4391375266, https://openalex.org/W1979597421, https://openalex.org/W2007980826, https://openalex.org/W2061531152, https://openalex.org/W3002753104, https://openalex.org/W2077600819, https://openalex.org/W2142036596, https://openalex.org/W2072657027 |
| cited_by_count | 0 |
| locations_count | 2 |
| best_oa_location.id | pmh:oai:arXiv.org:2409.11445 |
| best_oa_location.is_oa | True |
| best_oa_location.source.id | https://openalex.org/S4306400194 |
| best_oa_location.source.issn | |
| best_oa_location.source.type | repository |
| best_oa_location.source.is_oa | True |
| best_oa_location.source.issn_l | |
| best_oa_location.source.is_core | False |
| best_oa_location.source.is_in_doaj | False |
| best_oa_location.source.display_name | arXiv (Cornell University) |
| best_oa_location.source.host_organization | https://openalex.org/I205783295 |
| best_oa_location.source.host_organization_name | Cornell University |
| best_oa_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| best_oa_location.license | |
| best_oa_location.pdf_url | https://arxiv.org/pdf/2409.11445 |
| best_oa_location.version | submittedVersion |
| best_oa_location.raw_type | text |
| best_oa_location.license_id | |
| best_oa_location.is_accepted | False |
| best_oa_location.is_published | False |
| best_oa_location.raw_source_name | |
| best_oa_location.landing_page_url | http://arxiv.org/abs/2409.11445 |
| primary_location.id | pmh:oai:arXiv.org:2409.11445 |
| primary_location.is_oa | True |
| primary_location.source.id | https://openalex.org/S4306400194 |
| primary_location.source.issn | |
| primary_location.source.type | repository |
| primary_location.source.is_oa | True |
| primary_location.source.issn_l | |
| primary_location.source.is_core | False |
| primary_location.source.is_in_doaj | False |
| primary_location.source.display_name | arXiv (Cornell University) |
| primary_location.source.host_organization | https://openalex.org/I205783295 |
| primary_location.source.host_organization_name | Cornell University |
| primary_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| primary_location.license | |
| primary_location.pdf_url | https://arxiv.org/pdf/2409.11445 |
| primary_location.version | submittedVersion |
| primary_location.raw_type | text |
| primary_location.license_id | |
| primary_location.is_accepted | False |
| primary_location.is_published | False |
| primary_location.raw_source_name | |
| primary_location.landing_page_url | http://arxiv.org/abs/2409.11445 |
| publication_date | 2024-09-17 |
| publication_year | 2024 |
| referenced_works_count | 0 |
| abstract_inverted_index.a | 39, 67, 108, 128 |
| abstract_inverted_index.13 | 78 |
| abstract_inverted_index.AI | 3, 72, 132 |
| abstract_inverted_index.By | 56 |
| abstract_inverted_index.an | 82 |
| abstract_inverted_index.be | 29 |
| abstract_inverted_index.in | 2, 10, 48, 70 |
| abstract_inverted_index.of | 87, 92, 104, 127 |
| abstract_inverted_index.to | 7, 18, 51, 97, 99, 131, 139 |
| abstract_inverted_index.we | 65 |
| abstract_inverted_index.Our | 75 |
| abstract_inverted_index.all | 144 |
| abstract_inverted_index.and | 12, 114, 148 |
| abstract_inverted_index.for | 135 |
| abstract_inverted_index.led | 6 |
| abstract_inverted_index.may | 27 |
| abstract_inverted_index.not | 28 |
| abstract_inverted_index.the | 90, 119, 125 |
| abstract_inverted_index.LLMs | 80 |
| abstract_inverted_index.This | 35, 122 |
| abstract_inverted_index.have | 5 |
| abstract_inverted_index.into | 62 |
| abstract_inverted_index.rate | 86 |
| abstract_inverted_index.that | 43 |
| abstract_inverted_index.work | 123 |
| abstract_inverted_index.LLMs' | 45 |
| abstract_inverted_index.input | 146 |
| abstract_inverted_index.large | 14 |
| abstract_inverted_index.novel | 40 |
| abstract_inverted_index.paper | 36 |
| abstract_inverted_index.shift | 111 |
| abstract_inverted_index.shows | 107 |
| abstract_inverted_index.their | 53, 149 |
| abstract_inverted_index.these | 24 |
| abstract_inverted_index.types | 147 |
| abstract_inverted_index.(LLMs) | 17 |
| abstract_inverted_index.Recent | 0 |
| abstract_inverted_index.across | 77, 143 |
| abstract_inverted_index.attack | 84 |
| abstract_inverted_index.bypass | 52 |
| abstract_inverted_index.models | 16 |
| abstract_inverted_index.reveal | 81 |
| abstract_inverted_index.risks. | 151 |
| abstract_inverted_index.robust | 141 |
| abstract_inverted_index.safety | 4, 25, 54, 73, 94 |
| abstract_inverted_index.unsafe | 20 |
| abstract_inverted_index.73.6\%, | 88 |
| abstract_inverted_index.average | 83 |
| abstract_inverted_index.between | 112 |
| abstract_inverted_index.calling | 134 |
| abstract_inverted_index.content | 21 |
| abstract_inverted_index.current | 71 |
| abstract_inverted_index.develop | 140 |
| abstract_inverted_index.efforts | 9, 138 |
| abstract_inverted_index.encoded | 101, 115 |
| abstract_inverted_index.explain | 118 |
| abstract_inverted_index.harmful | 58 |
| abstract_inverted_index.helping | 117 |
| abstract_inverted_index.inputs. | 102 |
| abstract_inverted_index.leaving | 31 |
| abstract_inverted_index.natural | 59 |
| abstract_inverted_index.prompts | 61 |
| abstract_inverted_index.safety, | 133 |
| abstract_inverted_index.success | 85 |
| abstract_inverted_index.vectors | 106 |
| abstract_inverted_index.Analysis | 103 |
| abstract_inverted_index.However, | 23 |
| abstract_inverted_index.advanced | 46 |
| abstract_inverted_index.approach | 130 |
| abstract_inverted_index.attack's | 120 |
| abstract_inverted_index.critical | 68 |
| abstract_inverted_index.encoding | 57 |
| abstract_inverted_index.existing | 93 |
| abstract_inverted_index.expanded | 136 |
| abstract_inverted_index.exploits | 44 |
| abstract_inverted_index.holistic | 129 |
| abstract_inverted_index.language | 15, 60 |
| abstract_inverted_index.mitigate | 19 |
| abstract_inverted_index.original | 113 |
| abstract_inverted_index.prompts, | 116 |
| abstract_inverted_index.semantic | 110 |
| abstract_inverted_index.success. | 121 |
| abstract_inverted_index.symbolic | 49 |
| abstract_inverted_index.training | 11, 95 |
| abstract_inverted_index.embedding | 105 |
| abstract_inverted_index.inability | 91 |
| abstract_inverted_index.increased | 8 |
| abstract_inverted_index.measures. | 74 |
| abstract_inverted_index.potential | 32, 145 |
| abstract_inverted_index.problems, | 64 |
| abstract_inverted_index.technique | 42 |
| abstract_inverted_index.associated | 150 |
| abstract_inverted_index.emphasizes | 124 |
| abstract_inverted_index.generalize | 98 |
| abstract_inverted_index.importance | 126 |
| abstract_inverted_index.introduces | 37 |
| abstract_inverted_index.mechanisms | 26, 96 |
| abstract_inverted_index.safeguards | 142 |
| abstract_inverted_index.MathPrompt, | 38 |
| abstract_inverted_index.demonstrate | 66 |
| abstract_inverted_index.experiments | 76 |
| abstract_inverted_index.generation. | 22 |
| abstract_inverted_index.mathematics | 50 |
| abstract_inverted_index.mechanisms. | 55 |
| abstract_inverted_index.red-teaming | 13, 137 |
| abstract_inverted_index.substantial | 109 |
| abstract_inverted_index.unexplored. | 34 |
| abstract_inverted_index.advancements | 1 |
| abstract_inverted_index.capabilities | 47 |
| abstract_inverted_index.highlighting | 89 |
| abstract_inverted_index.jailbreaking | 41 |
| abstract_inverted_index.mathematical | 63 |
| abstract_inverted_index.vulnerability | 69 |
| abstract_inverted_index.comprehensive, | 30 |
| abstract_inverted_index.mathematically | 100 |
| abstract_inverted_index.vulnerabilities | 33 |
| abstract_inverted_index.state-of-the-art | 79 |
| cited_by_percentile_year | |
| countries_distinct_count | 0 |
| institutions_distinct_count | 5 |
| citation_normalized_percentile |