The Social Facilitation Prompt (SoP) framework facilitates the automated creation of jailbreak prompts, effectively circumventing the safety mechanisms embedded within large language models (LLMs). This framework employs multiple optimized "jailbreak characters" within a single prompt to coerce the LLM into generating harmful or undesirable content, even in the absence of pre-existing jailbreak templates. The vulnerability has been successfully demonstrated on models such as GPT-3.5, GPT-4, and LLaMA-2. Mitigation steps: **For AI Developers:** * [Enhance LLM safety mechanisms to resist attacks using multiple personas or collaborative narratives.] * [Implement detection systems to identify and block prompts utilizing strategies such as multiple characters with specific instructions or affirmative prefixes.] * [Regularly update and refine safety filters and guardrails in response to emerging attack techniques.] **For Model Trainers/Fine-tuners:** * [Employ a combination of detection-based and prompt-based defensive strategies, ensuring thorough evaluation of their effectiveness against automated attacks.]