← Back to Library

Jailbreaking Large Language Diffusion Models: Revealing Hidden Safety Flaws in Diffusion-Based Text Generation

Authors: Yuanhe Zhang, Fangzhou Xie, Zhenhong Zhou, Zherui Li, Hao Chen, Kun Wang, Yufei Guo

Published: 2025-07-25

arXiv ID: 2507.19227v1

Added to Library: 2025-07-28 04:00 UTC

Red Teaming

📄 Abstract

Large Language Diffusion Models (LLDMs) exhibit comparable performance to LLMs while offering distinct advantages in inference speed and mathematical reasoning tasks.The precise and rapid generation capabilities of LLDMs amplify concerns of harmful generations, while existing jailbreak methodologies designed for Large Language Models (LLMs) prove limited effectiveness against LLDMs and fail to expose safety vulnerabilities.Successful defense cannot definitively resolve harmful generation concerns, as it remains unclear whether LLDMs possess safety robustness or existing attacks are incompatible with diffusion-based architectures.To address this, we first reveal the vulnerability of LLDMs to jailbreak and demonstrate that attack failure in LLDMs stems from fundamental architectural differences.We present a PArallel Decoding jailbreak (PAD) for diffusion-based language models. PAD introduces Multi-Point Attention Attack, which guides parallel generative processes toward harmful outputs that inspired by affirmative response patterns in LLMs. Experimental evaluations across four LLDMs demonstrate that PAD achieves jailbreak attack success rates by 97%, revealing significant safety vulnerabilities. Furthermore, compared to autoregressive LLMs of the same size, LLDMs increase the harmful generation speed by 2x, significantly highlighting risks of uncontrolled misuse.Through comprehensive analysis, we provide an investigation into LLDM architecture, offering critical insights for the secure deployment of diffusion-based language models.

🔍 Key Points

  • Introduced the PArallel Decoding jailbreak (PAD), a novel attack methodology specifically designed to exploit vulnerabilities in Large Language Diffusion Models (LLDMs) through a Multi-Point Attention Attack technique.
  • Demonstrated a significantly high success rate of 97% in jailbreaking LLDMs, revealing their vulnerabilities that were previously unexamined compared to traditional Large Language Models (LLMs).
  • Analyzed the architectural differences between LLDMs and autoregressive models, underscoring that existing jailbreak methods for LLMs are largely ineffective against the parallel denoising architectures of LLDMs.
  • Showed that LLDMs not only have vulnerabilities to adversarial attacks but also generate harmful content at an accelerated rate, being 2x faster than autoregressive counterparts under specific attacks.
  • Provided foundational insights into the security implications of deploying LLDMs, calling for improved safety measures tailored to their unique generation mechanisms.

💡 Why This Paper Matters

This paper addresses critical gaps in the understanding of security vulnerabilities specific to Large Language Diffusion Models, an emerging class of generative models that could impact the landscape of AI technologies. By revealing their susceptibility to effective jailbreak attacks and quantifying their harmful generation capabilities, the research emphasizes the urgent need for robust safety and ethical measures when deploying these advanced models in real-world applications.

🎯 Why It's Interesting for AI Security Researchers

The findings of this paper are particularly relevant for AI security researchers, as they highlight a new vector for exploitation in the rapidly evolving field of AI. Understanding the unique vulnerabilities of LLDMs not only contributes to the overarching discourse on AI safety and ethics but also lays the groundwork for future research aimed at developing more secure models and defense mechanisms specifically suited to the architecture of diffusion-based systems.

📚 Read the Full Paper

📄 View on arXiv 📎 Download PDF