This research reveals a sophisticated jailbreak method that transforms harmful prompts into seemingly innocent requests that bypass LLM safety measures.

• High success rate: Achieves 92.8% attack success across multiple domains
• Transferability: Successfully attacks various models including GPT-4, Claude, and Llama-2
• Evasion capability: Bypasses current safety filters by rewriting harmful instructions with learned patterns
• Practical threat: Demonstrates how attackers could automate mass attacks on deployed systems

This research highlights critical security vulnerabilities in current LLM defense mechanisms, showing how semantic transformations can make harmful content difficult to detect at scale, posing significant risks for organizations deploying AI systems.

Rewrite to Jailbreak: Discover Learnable and Transferable Implicit Harmfulness Instruction