← Back to papers
2026 AAAI AAAI 2026

Dynamic Deep Prompt Optimization for Defending Against Jailbreak Attacks on LLMs

Abstract

Abstract Large Language Models (LLMs) demonstrate impressive capabilities across many applications but remain vulnerable to jailbreak attacks, which elicit harmful or unintended content. While model fine-tuning is an option for safety alignment, it is costly and prone to catastrophic forgetting. Prompt optimization has emerged as a promising alternative, yet existing prompt-based defenses typically rely on static modifications (e.g., fixed prefixes or suffixes) that cannot adapt to diverse and evolving attacks. We propose Dynamic Deep Prompt Optimization (DDPO), the first jailbreak defense based on deep prompt optimization. DDPO uses the target LLM's own intermediate layers as feature extractors to dynamically generate defensive embeddings via a lightweight multilayer perceptron. These tailored embeddings are then injected into a subsequent intermediate layer, enabling an input-dependent defense without modifying the LLM's weights. This design ensures high adaptability with minimal computational overhead. Experiments on a diverse set of models and attacks demonstrate that DDPO significantly outperforms static prompt optimization methods, particularly on weakly aligned models and when handling semantically ambiguous benign prompts, successfully distinguishing them from genuinely harmful requests.

🌉 Interdisciplinary Bridge — Artificial Intelligence and Machine Learning
🧭 Keyword Pioneer — deep prompt
🐝 Cross-Pollinator — Artificial Intelligence, Computer Science, Computer Vision, Data Science & Analytics, Deep Learning, Healthcare & Medicine, Interdisciplinary, Knowledge & Reasoning, Machine Learning, Mathematics & Optimization, Natural Language Processing, Reinforcement Learning, Robotics, Security & Privacy, Speech & Audio

Authors

Doniyorkhon Obidov , Honggang Yu , Xiaolong Guo , Kaichen Yang

Topics

Artificial Intelligence > Core AI > AI Safety Machine Learning > Optimization & Theory > Neural Network Optimization

Keywords

adversarial defense jailbreak attack prompt optimization large language model deep prompt
Download PDF

Related papers

Hi-EF: Benchmarking Emotion Forecasting in Human-interaction 2026
MosaicDoc: A Large-Scale Bilingual Benchmark for Visually Rich Document Understanding 2026
Sparse3DPR: Training-Free 3D Hierarchical Scene Parsing and Task-Adaptive Subgraph Reasoning from Sparse RGB Views 2026
LayerEdit: Disentangled Multi-Object Editing via Conflict-Aware Multi-Layer Learning 2026
HDGS: Hierarchical Dynamic Gaussian Splatting for Urban Driving Scenes 2026