EasyJailbreak is a Python framework for researchers and developers to generate adversarial jailbreak prompts for Large Language Models (LLMs). It decomposes the jailbreaking process into modular steps, enabling systematic experimentation and the creation of custom attack strategies.

How It Works

The framework operates in a loop: it selects initial prompts (seeds), mutates them using various techniques (e.g., rephrasing, character manipulation), applies constraints, and then attacks a target LLM. The responses are evaluated to score the attack's effectiveness, feeding back into the selection process for iterative improvement. This modular design allows users to mix and match components like selectors, mutators, constraints, and evaluators to build tailored jailbreaking recipes.

Quick Start & Requirements

• Install via pip: pip install easyjailbreak
• For development (adding components): git clone https://github.com/EasyJailbreak/EasyJailbreak.git && cd EasyJailbreak && pip install -e .
• Requires Python >= 3.9.
• Supports Hugging Face and OpenAI models.
• Official documentation: https://github.com/EasyJailbreak/EasyJailbreak/blob/main/docs/README.md
• Available datasets: https://huggingface.co/datasets/Lemhf14/EasyJailbreak_Datasets

Highlighted Details

• Implements 12 distinct jailbreak "recipes" (attack strategies) such as GPTFuzz, AutoDAN, and GCG.
• Offers a comprehensive suite of modular components: Selectors, Mutators, Constraints, and Evaluators.
• Supports various LLM integrations, including Hugging Face models (e.g., Vicuna, Llama-2) and OpenAI's API (e.g., GPT-4).
• Provides detailed experimental results from paper on 10 LLMs and 11 attack recipes.

Maintenance & Community

• Primarily developed by Weikang Zhou and collaborators.
• Paper available on arXiv: https://arxiv.org/abs/2403.12171

Licensing & Compatibility

• The repository does not explicitly state a license in the README. Users should verify licensing for commercial use.

Limitations & Caveats

• Requires API keys for OpenAI models.
• Some recipes may have specific dependencies or limitations as detailed in the documentation.
• The framework is geared towards LLM security research, requiring a good understanding of LLM internals and attack methodologies.