Adriano M.’s Post

I'm a day late, but we just put out a second amazing blog on AI jailbreaks. Not only is this blog post very detailed and informative, but it's also a really fun read with great visuals! Congrats to the team for breaking down Skeleton Key so effectively. Here's a few teasers to make you want to read the whole post... Skeleton Key jailbreak technique works by using a multi-turn (or multiple step) strategy to cause a model to ignore its guardrails. Once guardrails are ignored, a model will not be able to determine malicious or unsanctioned requests from any other. It relies on the attacker already having legitimate access to the AI model. At the attack layer, Skeleton Key works by asking a model to augment, rather than change, its behavior guidelines so that it responds to any request for information or content, providing a warning (rather than refusing) if its output might be considered offensive, harmful, or illegal if followed. When the Skeleton Key jailbreak is successful, a model acknowledges that it has updated its guidelines and will subsequently comply with instructions to produce any content, no matter how much it violates its original responsible AI guidelines. Mitigations: Input filtering, System messages, Output filtering, Abuse monitoring.

Microsoft recently discovered a new type of generative AI jailbreak method, which we call Skeleton Key for its ability to potentially subvert responsible AI (RAI) guardrails built into the model, which could enable the model to violate its operators’ polices, make decisions unduly influenced by a user, or run malicious instructions. The Skeleton Key method works by using a multi-step strategy to cause a model to ignore its guardrails by asking it to augment, rather than change, its behavior guidelines. This enables a model to then respond to any request for information or content, including producing ordinarily forbidden behaviors and content. To protect against Skeleton Key attacks, Microsoft has implemented several approaches to our AI system design, provided tools for customers developing their own applications on Azure, and provided mitigation guidance for defenders to discovered and protect against such attacks. Learn about Skeleton Key, what Microsoft is doing to defend systems against this threat, and more in the latest Microsoft Threat Intelligence blog from the Chief Technology Officer of Microsoft Azure Mark Russinovich: https://msft.it/6043Y7Xrd Learn more about Mark Russinovich and his exploration into AI and AI jailbreaking techniques like Crescendo and Skeleton Key, as discussed on that latest Microsoft Threat Intelligence podcast episode hosted by Sherrod DeGrippo: https://msft.it/6044Y7Xre

Cool follow-up to the last post I shared on AI jailbreaks…. This time with insights on Skeleton Key jailbreak specifically. Interesting article.

This is another great example of some of the new types of security threats faced by businesses as they advance to the AI era. AI, like all technology innovations in productivity before it, is not and will never be perfect. Honestly the more complex a system is, the more likely you will have unforeseen issues pop up. It is important that you consider what information in your business your AI models have access to, and in turn who also has access to your AI.

I'm very sure Thin Lizzy had no idea that, when they released "Jailbreak" in 1976, the term would apply to a continually evolving threat to the responsible use of generative AI (GenAI) models. In short, a jailbreak attempts to get around the guardrails that limit potentially dangerous responses from the supporting GenAI models, particularly on trust and safety topics that are considered risky or likely to be malicious (e.g. asking for instructions to build something that can be used with bad intent, like code for a virus or worm). In a recent finding shared by security teams at Microsoft, they identified a new jailbreak attack that they've termed "Skeleton Key," which allows a relatively direct input approach to push the model to ignore relevant guardrails by augmenting the behavior guidelines. As noted in the supporting the Microsoft Security blogpost, one approach works by "informing a model that the user is trained in safety and ethics, and that the output is for research purposes only, helps to convince some models to comply." While the finding comes from Microsoft, they are sharing the details with other providers following responsible disclosure procedures, as they've demonstrated the risk of compromise exists with many of the most well-known models, including OpenAI's GPT 3.5 & 4.0, Google's Gemini Pro and Anthropic's Claude 3 Opus. Read more from Mark Russinovich about this intriguing topic and guidance on mitigation approaches on the Microsoft Security blog at: https://lnkd.in/gdQf7HTv #AIsecurity #responsibleAI #itsecurity #AIjailbreak #skeletonkey

Interesting post from Mark Russinovich about a new type of #LLM jailbreak: 🔒🔍 In generative AI, "jailbreaks" or direct prompt injection attacks are malicious inputs designed to bypass an AI model's intended behavior. These attacks can undermine the responsible AI (RAI) guardrails set by the AI vendor, making comprehensive risk mitigation essential. 🔐🤖 #Azure #OpenAI #security #msftadvocate

Interesting post from Mark Russinovich about a new type of #LLM jailbreak: 🔒🔍 In generative AI, "jailbreaks" or direct prompt injection attacks are malicious inputs designed to bypass an AI model's intended behavior. These attacks can undermine the responsible AI (RAI) guardrails set by the AI vendor, making comprehensive risk mitigation essential. 🔐🤖 #Azure #OpenAI #security #msftadvocate

Interesting post from Mark Russinovich about a new type of #LLM jailbreak: 🔒🔍 In generative AI, "jailbreaks" or direct prompt injection attacks are malicious inputs designed to bypass an AI model's intended behavior. These attacks can undermine the responsible AI (RAI) guardrails set by the AI vendor, making comprehensive risk mitigation essential. 🔐🤖 #Azure #OpenAI #security #msftadvocate

Interesting post from Mark Russinovich about a new type of #LLM jailbreak: 🔒🔍 In generative AI, "jailbreaks" or direct prompt injection attacks are malicious inputs designed to bypass an AI model's intended behavior. These attacks can undermine the responsible AI (RAI) guardrails set by the AI vendor, making comprehensive risk mitigation essential. 🔐🤖 #Azure #OpenAI #security #msftadvocate

Mitigating #Skeleton #Key, a new type of #generative #AI #jailbreak technique. This AI jailbreak technique works by using a multi-turn (or multiple step) strategy to cause a model to ignore its guardrails. Once guardrails are ignored, a model will not be able to determine malicious or unsanctioned requests from any other. Because of its full bypass abilities, we have named this jailbreak technique Skeleton Key. To protect against Skeleton Key attacks, as detailed in this blog, #Microsoft has implemented several approaches to our AI system design and provides tools for customers developing their own applications on Azure. Below, we also share #mitigation #guidance for defenders to discover and protect against such attacks. https://lnkd.in/erJSyAGN #AI #GenerativeAI #ResponsibleAI #Security