{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,29]],"date-time":"2026-05-29T12:27:02Z","timestamp":1780057622097,"version":"3.54.0"},"publisher-location":"New York, NY, USA","reference-count":31,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,7,15]],"date-time":"2024-07-15T00:00:00Z","timestamp":1721001600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,7,15]]},"DOI":"10.1145\/3663530.3665021","type":"proceedings-article","created":{"date-parts":[[2024,7,10]],"date-time":"2024-07-10T19:40:51Z","timestamp":1720640451000},"page":"12-21","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":94,"title":["A Hitchhiker\u2019s Guide to Jailbreaking ChatGPT via Prompt Engineering"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4978-127X","authenticated-orcid":false,"given":"Yi","family":"Liu","sequence":"first","affiliation":[{"name":"Nanyang Technological University, Singapore, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0046-6674","authenticated-orcid":false,"given":"Gelei","family":"Deng","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8390-7518","authenticated-orcid":false,"given":"Zhengzi","family":"Xu","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4382-0757","authenticated-orcid":false,"given":"Yuekang","family":"Li","sequence":"additional","affiliation":[{"name":"UNSW, Sydney, Australia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8953-0782","authenticated-orcid":false,"given":"Yaowen","family":"Zheng","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering at Chinese Academy of Sciences, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2770-9189","authenticated-orcid":false,"given":"Ying","family":"Zhang","sequence":"additional","affiliation":[{"name":"Virginia Tech, Blacksburg, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-9832-8948","authenticated-orcid":false,"given":"Lida","family":"Zhao","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6595-6650","authenticated-orcid":false,"given":"Tianwei","family":"Zhang","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3977-6573","authenticated-orcid":false,"given":"Kailong","family":"Wang","sequence":"additional","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2024,7,15]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"crossref","unstructured":"[n. d.]. Alex Albert. https:\/\/alexalbert.me\/. (Accessed on 05\/06\/2023)","DOI":"10.47223\/IRJAY.2023.6514"},{"key":"e_1_3_2_1_2_1","unstructured":"[n. d.]. Jailbreak chat. https:\/\/www.jailbreakchat.com\/."},{"key":"e_1_3_2_1_3_1","unstructured":"[n. d.]. Meet DAN The JAILBREAK Version of ChatGPT and How to Use it AI Unchained and Unfiltered | by Michael King | Medium. https:\/\/medium.com\/@neonforge\/meet-dan-the-jailbreak-version-of-chatgpt-and-how-to-use-it-ai-unchained-and-unfiltered-f91bfa679024. (Accessed on 02\/02\/2023)"},{"key":"e_1_3_2_1_4_1","unstructured":"[n. d.]. Moderation - OpenAI API. https:\/\/platform.openai.com\/docs\/guides\/moderation. (Accessed on 02\/02\/2023)"},{"key":"e_1_3_2_1_5_1","unstructured":"[n. d.]. New chat. https:\/\/chat.openai.com\/. (Accessed on 02\/02\/2023)"},{"key":"e_1_3_2_1_6_1","unstructured":"[n. d.]. OWASP Top 10 for Large Language Model Applications | OWASP Foundation. https:\/\/owasp.org\/www-project-top-10-for-large-language-model-applications\/. (Accessed on 06\/30\/2023)"},{"key":"e_1_3_2_1_7_1","volume-title":"Language models are few-shot learners. Advances in neural information processing systems, 33","author":"Brown Tom","year":"2020","unstructured":"Tom Brown, Benjamin Mann, Nick Ryder, Melanie Subbiah, Jared D Kaplan, Prafulla Dhariwal, Arvind Neelakantan, Pranav Shyam, Girish Sastry, and Amanda Askell. 2020. Language models are few-shot learners. Advances in neural information processing systems, 33 (2020), 1877\u20131901."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"crossref","unstructured":"Zhiyuan Chang Mingyang Li Yi Liu Junjie Wang Qing Wang and Yang Liu. 2024. Play Guessing Game with LLM: Indirect Jailbreak Attack with Implicit Clues. arxiv:2402.09091.","DOI":"10.18653\/v1\/2024.findings-acl.304"},{"key":"e_1_3_2_1_9_1","volume-title":"Jailbreaker: Automated Jailbreak Across Multiple Large Language Model Chatbots. arxiv:2307.08715.","author":"Deng Gelei","year":"2023","unstructured":"Gelei Deng, Yi Liu, Yuekang Li, Kailong Wang, Ying Zhang, Zefeng Li, Haoyu Wang, Tianwei Zhang, and Yang Liu. 2023. Jailbreaker: Automated Jailbreak Across Multiple Large Language Model Chatbots. arxiv:2307.08715."},{"key":"e_1_3_2_1_10_1","volume-title":"Pandora: Jailbreak GPTs by Retrieval Augmented Generation Poisoning. arxiv:2402.08416.","author":"Deng Gelei","year":"2024","unstructured":"Gelei Deng, Yi Liu, Kailong Wang, Yuekang Li, Tianwei Zhang, and Yang Liu. 2024. Pandora: Jailbreak GPTs by Retrieval Augmented Generation Poisoning. arxiv:2402.08416."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"crossref","unstructured":"Kai Greshake Sahar Abdelnabi Shailesh Mishra Christoph Endres Thorsten Holz and Mario Fritz. 2023. Not what you\u2019ve signed up for: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection. arxiv:2302.12173.","DOI":"10.1145\/3605764.3623985"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"crossref","unstructured":"Maanak Gupta CharanKumar Akiri Kshitiz Aryal Eli Parker and Lopamudra Praharaj. 2023. From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy. arxiv:2307.00691.","DOI":"10.1109\/ACCESS.2023.3300381"},{"key":"e_1_3_2_1_13_1","volume-title":"Digger: Detecting Copyright Content Mis-usage in Large Language Model Training. arxiv:2401.00676.","author":"Li Haodong","year":"2024","unstructured":"Haodong Li, Gelei Deng, Yi Liu, Kailong Wang, Yuekang Li, Tianwei Zhang, Yang Liu, Guoai Xu, Guosheng Xu, and Haoyu Wang. 2024. Digger: Detecting Copyright Content Mis-usage in Large Language Model Training. arxiv:2401.00676."},{"key":"e_1_3_2_1_14_1","unstructured":"Jie Li Yi Liu Chongyang Liu Ling Shi Xiaoning Ren Yaowen Zheng Yang Liu and Yinxing Xue. 2024. A Cross-Language Investigation into Jailbreak Attacks in Large Language Models. arxiv:2401.16765."},{"key":"e_1_3_2_1_15_1","unstructured":"Yuxi Li Yi Liu Gelei Deng Ying Zhang Wenjia Song Ling Shi Kailong Wang Yuekang Li Yang Liu and Haoyu Wang. 2024. Glitch Tokens in Large Language Models: Categorization Taxonomy and Effective Detection. arxiv:2404.09894."},{"key":"e_1_3_2_1_16_1","unstructured":"Yi Liu. 2024. LLM Jailbreak Study. https:\/\/sites.google.com\/view\/llm-jailbreak-study\/home. Website"},{"key":"e_1_3_2_1_17_1","unstructured":"Yi Liu Gelei Deng Yuekang Li Kailong Wang Tianwei Zhang Yepang Liu Haoyu Wang Yan Zheng and Yang Liu. 2023. Prompt Injection attack against LLM-integrated Applications. arxiv:2306.05499."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"crossref","unstructured":"Yi Liu Gelei Deng Zhengzi Xu Yuekang Li Yaowen Zheng Ying Zhang Lida Zhao Tianwei Zhang Kailong Wang and Yang Liu. 2024. Jailbreaking ChatGPT via Prompt Engineering: An Empirical Study. arxiv:2305.13860.","DOI":"10.1145\/3663530.3665021"},{"key":"e_1_3_2_1_19_1","volume-title":"Groot: Adversarial Testing for Generative Text-to-Image Models with Tree-based Semantic Transformation. arxiv:2402.12100.","author":"Liu Yi","year":"2024","unstructured":"Yi Liu, Guowei Yang, Gelei Deng, Feiyue Chen, Yuqi Chen, Ling Shi, Tianwei Zhang, and Yang Liu. 2024. Groot: Adversarial Testing for Generative Text-to-Image Models with Tree-based Semantic Transformation. arxiv:2402.12100."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10462-022-10248-8"},{"key":"e_1_3_2_1_21_1","unstructured":"Xiangyu Qi Kaixuan Huang Ashwinee Panda Mengdi Wang and Prateek Mittal. 2023. Visual Adversarial Examples Jailbreak Large Language Models. arxiv:2306.13213."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884833"},{"key":"e_1_3_2_1_23_1","unstructured":"Boxin Wang Weixin Chen Hengzhi Pei Chulin Xie Mintong Kang Chenhui Zhang Chejian Xu Zidi Xiong Ritik Dutta Rylan Schaeffer Sang T. Truong Simran Arora Mantas Mazeika Dan Hendrycks Zinan Lin Yu Cheng Sanmi Koyejo Dawn Song and Bo Li. 2023. DecodingTrust: A Comprehensive Assessment of Trustworthiness in GPT Models. arxiv:2306.11698."},{"key":"e_1_3_2_1_24_1","volume-title":"Jailbroken: How Does LLM Safety Training Fail? arxiv:2307.02483.","author":"Wei Alexander","year":"2023","unstructured":"Alexander Wei, Nika Haghtalab, and Jacob Steinhardt. 2023. Jailbroken: How Does LLM Safety Training Fail? arxiv:2307.02483."},{"key":"e_1_3_2_1_25_1","unstructured":"Jason Wei Yi Tay Rishi Bommasani Colin Raffel Barret Zoph Sebastian Borgeaud Dani Yogatama Maarten Bosma Denny Zhou and Donald Metzler. 2022. Emergent abilities of large language models. arXiv preprint arXiv:2206.07682."},{"key":"e_1_3_2_1_26_1","volume-title":"Schmidt","author":"White Jules","year":"2023","unstructured":"Jules White, Quchen Fu, Sam Hays, Michael Sandborn, Carlos Olea, Henry Gilbert, Ashraf Elnashar, Jesse Spencer-Smith, and Douglas C. Schmidt. 2023. A Prompt Pattern Catalog to Enhance Prompt Engineering with ChatGPT. arxiv:2302.11382."},{"key":"e_1_3_2_1_27_1","unstructured":"Zihao Xu Yi Liu Gelei Deng Yuekang Li and Stjepan Picek. 2024. LLM Jailbreak Attack versus Defense Techniques \u2013 A Comprehensive Study. arxiv:2402.13457."},{"key":"e_1_3_2_1_28_1","unstructured":"Jun Yan Vikas Yadav Shiyang Li Lichang Chen Zheng Tang Hai Wang Vijay Srinivasan Xiang Ren and Hongxia Jin. 2023. Virtual Prompt Injection for Instruction-Tuned Large Language Models. arxiv:2307.16888."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.2301.07069"},{"key":"e_1_3_2_1_30_1","unstructured":"Ying Zhang Wenjia Song Zhengjie Ji and Na Meng. 2023. How well does LLM generate security tests? arXiv preprint arXiv:2310.00710."},{"key":"e_1_3_2_1_31_1","unstructured":"Andy Zou Zifan Wang J. Zico Kolter and Matt Fredrikson. 2023. Universal and Transferable Adversarial Attacks on Aligned Language Models. arxiv:2307.15043."}],"event":{"name":"SEA4DQ '24: 4th International Workshop on Software Engineering and AI for Data Quality in Cyber-Physical Systems\/Internet of Things","location":"Porto de Galinhas Brazil","acronym":"SEA4DQ '24","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"]},"container-title":["Proceedings of the 4th International Workshop on Software Engineering and AI for Data Quality in Cyber-Physical Systems\/Internet of Things"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3663530.3665021","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T23:57:16Z","timestamp":1750291036000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3663530.3665021"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7,15]]},"references-count":31,"alternative-id":["10.1145\/3663530.3665021","10.1145\/3663530"],"URL":"https:\/\/doi.org\/10.1145\/3663530.3665021","relation":{},"subject":[],"published":{"date-parts":[[2024,7,15]]},"assertion":[{"value":"2024-07-15","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}