This work addresses the persistent vulnerability of large language models to implicit jailbreaking pathways, which can emerge even after safety alignment or parameter-erasure-based machine unlearning due to dynamic reconfiguration of intermediate-layer parameters. To counter this, the paper introduces JPU—a novel approach that integrates jailbreak defense with machine unlearning by dynamically generating adversarial examples during inference to probe and identify emergent jailbreak trajectories in real time. These detected pathways are then actively redirected toward predefined safe anchors. By moving beyond conventional static erasure paradigms, JPU enables continuous, online correction of unsafe model behaviors while preserving the model’s original capabilities and performance, thereby significantly enhancing robustness against dynamic jailbreak attacks.

Despite extensive safety alignment, Large Language Models (LLMs) often fail against jailbreak attacks. While machine unlearning has emerged as a promising defense by erasing specific harmful parameters, current methods remain vulnerable to diverse jailbreaks. We first conduct an empirical study and discover that this failure mechanism is caused by jailbreaks primarily activating non-erased parameters in the intermediate layers. Further, by probing the underlying mechanism through which these circumvented parameters reassemble into the prohibited output, we verify the persistent existence of dynamic $\textbf{jailbreak paths}$ and show that the inability to rectify them constitutes the fundamental gap in existing unlearning defenses. To bridge this gap, we propose $\textbf{J}$ailbreak $\textbf{P}$ath $\textbf{U}$nlearning (JPU), which is the first to rectify dynamic jailbreak paths towards safety anchors by dynamically mining on-policy adversarial samples to expose vulnerabilities and identify jailbreak paths. Extensive experiments demonstrate that JPU significantly enhances jailbreak resistance against dynamic attacks while preserving the model's utility.