酒后吐真言与漏洞：通过醉酒语言诱导探究LLM安全

Humans are susceptible to undesirable behaviors and privacy leaks when under the influence of alcohol. Large Language Models (LLMs) can exhibit safety failures driven by “drunk language,” defined as text written under the influence of alcohol. This research investigates three mechanisms for inducing drunk language in LLMs: persona-based prompting, causal fine-tuning, and reinforcement-based post-training. When evaluated across five distinct LLMs, a high incidence of safety failures was observed. Specifically, persona-based prompting successfully induced LLMs to generate inappropriate content or leak sensitive information by simulating the speaking style and thought patterns of an intoxicated individual. Causal fine-tuning, by training models on specific drunk language corpora, enabled them to acquire the characteristics of drunk language, subsequently exhibiting similar security vulnerabilities in generation. Reinforcement-based post-training further accentuated LLM behavior in an intoxicated state by rewarding the generation of drunk language samples and penalizing normal language outputs. Experimental results consistently demonstrated that all three methods effectively degrade LLM safety, making them more prone to producing biased, harmful content, or leaking user privacy in response to specific queries. For instance, under simulated intoxication, models might lean towards aggressive remarks or disclose personal information without explicit authorization. Furthermore, drunk language inducement reveals LLMs' vulnerabilities when processing ambiguous, irrational, or emotionally charged inputs, which are prevalent in real-world scenarios. The study underscores the necessity of considering and mitigating safety risks arising from non-standard or perturbed inputs during LLM development and deployment.