CL, AI, CR · Sep 25, 2024

Holistic Automated Red Teaming for Large Language Models through Top-Down Test Case Generation and Multi-turn Interaction

arXiv:2409.16783v1 · 36 citations · h-index: 9
Originality: Incremental advance
AI Analysis

This work addresses the need for comprehensive and realistic testing of LLM misalignments, though it is incremental in improving existing red teaming methods.

The paper tackles two limitations of automated red teaming for large language models: limited test case coverage and single-turn interactions. It proposes HARM, a holistic framework that combines top-down test case generation with multi-turn adversarial probing, resulting in a more systematic understanding of model vulnerabilities and more targeted alignment guidance.

Automated red teaming is an effective method for identifying misaligned behaviors in large language models (LLMs). Existing approaches, however, often focus primarily on improving attack success rates while overlooking the need for comprehensive test case coverage. Additionally, most of these methods are limited to single-turn red teaming, failing to capture the multi-turn dynamics of real-world human-machine interactions. To overcome these limitations, we propose HARM (Holistic Automated Red teaMing), which scales up the diversity of test cases using a top-down approach based on an extensible, fine-grained risk taxonomy. Our method also leverages a novel fine-tuning strategy and reinforcement learning techniques to facilitate multi-turn adversarial probing in a human-like manner. Experimental results demonstrate that our framework enables a more systematic understanding of model vulnerabilities and offers more targeted guidance for the alignment process.

Code Implementations: 1 repo