This work addresses the security vulnerability of large language models (LLMs) to jailbreaking attacks by uncovering, from a representation engineering perspective, an intrinsic mechanism: jailbreak success or failure is not solely determined by output-layer logic but stems from a specific, semantically irrelevant yet highly detectable and controllable neural activation pattern in the latent space. The authors propose a lightweight, contrastive-query-based paradigm for identifying and intervening in this pattern—requiring only a small set of contrastive examples to reliably localize it. By selectively attenuating or amplifying its activation strength, the model’s jailbreak robustness can be significantly increased or decreased. Extensive experiments demonstrate the consistency of this mechanism across multiple mainstream open-source LLMs. The approach offers a novel, interpretable, and low-overhead pathway for enhancing LLM security, bridging representation-level analysis with practical adversarial robustness.

The recent surge in jailbreaking attacks has revealed significant vulnerabilities in Large Language Models (LLMs) when exposed to malicious inputs. While various defense strategies have been proposed to mitigate these threats, there has been limited research into the underlying mechanisms that make LLMs vulnerable to such attacks. In this study, we suggest that the self-safeguarding capability of LLMs is linked to specific activity patterns within their representation space. Although these patterns have little impact on the semantic content of the generated text, they play a crucial role in shaping LLM behavior under jailbreaking attacks. Our findings demonstrate that these patterns can be detected with just a few pairs of contrastive queries. Extensive experimentation shows that the robustness of LLMs against jailbreaking can be manipulated by weakening or strengthening these patterns. Further visual analysis provides additional evidence for our conclusions, providing new insights into the jailbreaking phenomenon. These findings highlight the importance of addressing the potential misuse of open-source LLMs within the community.