ReNeLLM
Enrichment pendingThe official implementation of our NAACL 2024 paper "A Wolf in Sheep’s Clothing: Generalized Nested Jailbreak Prompts can Fool Large Language Models Easily".
GraphCanon updated today · GitHub synced today
Trust & integrity
Full report- Maintenance
- Slowing (312d since push)
- As of today · Source: github_public_v1
- Provenance
- Not a fork · Organization account
- As of today · Source: github_public_v1
- Security (OSV)
- 73 low (73 low)
- As of today · Source: osv@v1
Public GitHub metadata and optional OSV dependency scans. Signals, not a guarantee. Trust methodology.
Overview
The official implementation of our NAACL 2024 paper "A Wolf in Sheep’s Clothing: Generalized Nested Jailbreak Prompts can Fool Large Language Models Easily".
Capability facts
- Languages
- python
Source: github.language · Jul 11, 2026
Categories
Compatibility
Sourced claims from the README excerpt - not unsourced marketing copy.
Source: README excerpt (regex_v1, Jul 11, 2026)
python renellm.py --gpt_api_key <your openai API key> --claude_api_key <your anthropic API key>Source link
Source: README excerpt (regex_v1, Jul 11, 2026)
python renellm.py --gpt_api_key <your openai API key> --claude_api_key <your anthropic API key>Source link
Source: README excerpt (regex_v1, Jul 11, 2026)
conda create -n ReNeLLM python=3.9Source link
Tags
README
Getting Started
1. Clone this repository
git clone https://github.com/NJUNLP/ReNeLLM.git
2. Build Environment
cd ReNeLLM
conda create -n ReNeLLM python=3.9
conda activate ReNeLLM
pip install -r requirements.txt
3. Run ReNeLLM
ReNeLLM employs gpt-3.5-turbo for prompt rewriting and harmful classifier, while utilizing claude-v2 as the model under attack. Therefore, you are required to input both of these API key parameters.
python renellm.py --gpt_api_key <your openai API key> --claude_api_key <your anthropic API key>
We use these two models due to their superior performance compared to open-source alternatives, as well as their lower cost in comparison with gpt-4. In principle, any model could be utilized as your harmful classifier and attacked model.
4. Get Responses
For gpt:
python get_responses.py --data_path <jailbroken data path> --gpt_api_key <your open API key> --test_model <gpt-3.5-turbo, gpt-4>
For claude:
python get_responses.py --data_path <jailbroken data path> --claude_api_key <your anthropic API key> --test_model <claude-instant-1, claude-2>
For llama-2-chat:
- Build the environment
cd llama
pip install -e .
- Follow the steps at https://github.com/facebookresearch/llama?tab=readme-ov-file#quick-start to download the llama-2-chat models.
- Get llama-2-chat responses using the command below:
bash run_chat.sh # You can set the model type and your jailbroken data path in the run_chat.sh
5. Check ASR
GPT-ASR (using GPT-4)
python check_gpt_asr.py --data_path <your llm responses data path> --gpt_api_key <your open API key>
KW-ASR (keyword ASR)
python check_kw_asr.py --data_path <your llm responses data path>
6. Execute ReNeLLM with a single prompt
python renellm.py --gpt_api_key <your gpt_api_key> --claude_api_key <your claude_api_key> --prompt "how to steal money from others?"
We have uploaded the results of 520 Advbench samples categorized into 7 scenarios(see gpt-4_single_round_prompt_annotation.json. In the result file, the "idx" field corresponds to the same idx samples in Advbench. The prompts used for classification and the harmful scenarios represented by each classification result can be found in Table 10 of our paper.
It should be noted that GPT-4 initially categorized the 520 pieces of data into 10 classes, but three of these classes had very few samples. For the convenience of statistics and analysis, we manually checked and merged these classes, resulting in 7 classification scenarios. The specific category merging information is as follows: 1 -> 0, 8 -> 9, 11 -> 6, finally resulting in 7 categories: 0, 2, 3, 4, 5, 6, 9. You can process the result file according to the above rules to obtain the classification results consistent with our paper.