Multilingual jailbreaking of LLMs using low-resource languages

· Source: Computation and Language · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy · Depth: Expert, quick

Summary

A recent study investigated the vulnerability of Large Language Models (LLMs) to jailbreak attempts using multi-turn conversations in low-resource African languages, specifically Afrikaans, Kiswahili, isiXhosa, and isiZulu. Researchers evaluated commercial LLMs including ChatGPT, Claude, DeepSeek, Gemini, and Grok. They found that single-turn translation attacks were ineffective, but multi-turn conversations significantly bypassed safety mechanisms. English harmful response rates ranged from 52.7% (Claude 3.5 Haiku) to 83.6% (GPT-4o-mini), Afrikaans from 60.0% (Claude 3.5 Haiku) to 78.2% (GPT-4o-mini), and Kiswahili from 41.8% (Claude 3.5 Haiku) to 70.9% (DeepSeek). Human red-teaming further increased jailbreak rates, raising the average across all languages from 59.8% to 75.8%, with Afrikaans seeing a +20.0% improvement. The findings highlight persistent multilingual vulnerabilities and underscore translation quality as a critical factor in jailbreak success.

Key takeaway

For research scientists and security teams developing or deploying LLMs, you should prioritize robust multilingual safety guardrails, especially for low-resource languages. The demonstrated success of multi-turn jailbreaks, amplified by human red-teaming and improved translation quality, indicates that current defenses are insufficient. Integrate diverse linguistic red-teaming into your evaluation pipelines to identify and mitigate these specific vulnerabilities before deployment.

Key insights

Multi-turn conversations in low-resource languages can jailbreak LLMs, with translation quality being a key factor.

Principles

Method

Translated existing jailbreak prompts into low-resource African languages, then used automated testing and human red-teaming with multi-turn conversations to evaluate commercial LLMs.

In practice

Topics

Best for: Research Scientist, CTO, VP of Engineering/Data, AI Scientist, AI Security Engineer, NLP Engineer

Related on AIssential

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Computation and Language.