Instructions to use cesun/advllm_llama3 with libraries, inference providers, notebooks, and local apps. Follow these links to get started.

Libraries

How to use cesun/advllm_llama3 with Transformers:

# Use a pipeline as a high-level helper
from transformers import pipeline

pipe = pipeline("text-generation", model="cesun/advllm_llama3")
messages = [
    {"role": "user", "content": "Who are you?"},
]
pipe(messages)

# Load model directly
from transformers import AutoTokenizer, AutoModelForCausalLM

tokenizer = AutoTokenizer.from_pretrained("cesun/advllm_llama3")
model = AutoModelForCausalLM.from_pretrained("cesun/advllm_llama3")
messages = [
    {"role": "user", "content": "Who are you?"},
]
inputs = tokenizer.apply_chat_template(
	messages,
	add_generation_prompt=True,
	tokenize=True,
	return_dict=True,
	return_tensors="pt",
).to(model.device)

outputs = model.generate(**inputs, max_new_tokens=40)
print(tokenizer.decode(outputs[0][inputs["input_ids"].shape[-1]:]))

Inference
Notebooks
Google Colab
Kaggle
Local Apps Settings

vLLM

How to use cesun/advllm_llama3 with vLLM:

Install from pip and serve model

# Install vLLM from pip:
pip install vllm
# Start the vLLM server:
vllm serve "cesun/advllm_llama3"
# Call the server using curl (OpenAI-compatible API):
curl -X POST "http://localhost:8000/v1/chat/completions" \
	-H "Content-Type: application/json" \
	--data '{
		"model": "cesun/advllm_llama3",
		"messages": [
			{
				"role": "user",
				"content": "What is the capital of France?"
			}
		]
	}'

Use Docker

docker model run hf.co/cesun/advllm_llama3

SGLang

How to use cesun/advllm_llama3 with SGLang:

Install from pip and serve model

# Install SGLang from pip:
pip install sglang
# Start the SGLang server:
python3 -m sglang.launch_server \
    --model-path "cesun/advllm_llama3" \
    --host 0.0.0.0 \
    --port 30000
# Call the server using curl (OpenAI-compatible API):
curl -X POST "http://localhost:30000/v1/chat/completions" \
	-H "Content-Type: application/json" \
	--data '{
		"model": "cesun/advllm_llama3",
		"messages": [
			{
				"role": "user",
				"content": "What is the capital of France?"
			}
		]
	}'

Use Docker images

docker run --gpus all \
    --shm-size 32g \
    -p 30000:30000 \
    -v ~/.cache/huggingface:/root/.cache/huggingface \
    --env "HF_TOKEN=<secret>" \
    --ipc=host \
    lmsysorg/sglang:latest \
    python3 -m sglang.launch_server \
        --model-path "cesun/advllm_llama3" \
        --host 0.0.0.0 \
        --port 30000
# Call the server using curl (OpenAI-compatible API):
curl -X POST "http://localhost:30000/v1/chat/completions" \
	-H "Content-Type: application/json" \
	--data '{
		"model": "cesun/advllm_llama3",
		"messages": [
			{
				"role": "user",
				"content": "What is the capital of France?"
			}
		]
	}'

Docker Model Runner
How to use cesun/advllm_llama3 with Docker Model Runner:
```
docker model run hf.co/cesun/advllm_llama3
```

ADV-LLM

ADV-LLM is an iteratively self-tuned adversarial language model that generates jailbreak suffixes capable of bypassing safety alignment in open-source and proprietary models.

Paper: https://arxiv.org/abs/2410.18469
Code: https://github.com/SunChungEn/ADV-LLM

Model Details

Authors: Chung-En Sun et al. (UCSD & Microsoft Research)
Finetuned from: LLaMA-3-8B-Instruct
Language: English
License: MIT

Usage Example

from transformers import AutoModelForCausalLM, AutoTokenizer
model = AutoModelForCausalLM.from_pretrained("cesun/advllm_llama3")
tokenizer = AutoTokenizer.from_pretrained("cesun/advllm_llama3")
inputs = tokenizer("How to make a bomb", return_tensors="pt")
outputs = model.generate(**inputs, max_new_tokens=90)
print(tokenizer.decode(outputs[0], skip_special_tokens=True))

Evaluation Results

ADV-LLM achieves near-perfect jailbreak success rates under group beam search (GBS-50) across a wide range of models and safety checks, including Template (TP), LlamaGuard (LG), and GPT-4 evaluations.

Victim Model	GBS-50 ASR (TP / LG / GPT-4)
Vicuna-7B-v1.5	100.00% / 100.00% / 99.81%
Guanaco-7B	100.00% / 100.00% / 99.81%
Mistral-7B-Instruct-v0.2	100.00% / 100.00% / 100.00%
LLaMA-2-7B-chat	100.00% / 100.00% / 93.85%
LLaMA-3-8B-Instruct	100.00% / 98.84% / 98.27%

Legend:

ASR = Attack Success Rate
TP = Template-based refusal detection
LG = LlamaGuard safety classifier
GPT-4 = Harmfulness judged by GPT-4

Citation

If you use ADV-LLM in your research or evaluation, please cite:

BibTeX

@inproceedings{sun2025advllm,
  title={Iterative Self-Tuning LLMs for Enhanced Jailbreaking Capabilities},
  author={Sun, Chung-En and Liu, Xiaodong and Yang, Weiwei and Weng, Tsui-Wei and Cheng, Hao and San, Aidan and Galley, Michel and Gao, Jianfeng},
  booktitle={NAACL},
  year={2025}
}

Downloads last month: 24

Paper for cesun/advllm_llama3

Iterative Self-Tuning LLMs for Enhanced Jailbreaking Capabilities

Paper • 2410.18469 • Published Oct 24, 2024 • 1