Auto-RT: Automatic Jailbreak Strategy Exploration for Red-Teaming Large Language Models
This addresses the challenge of automated red-teaming for LLMs, offering a more adaptive approach to dynamic defenses, though it appears incremental as it builds on existing reinforcement learning methods for vulnerability detection.
The paper tackled the problem of efficiently uncovering complex security vulnerabilities in large language models by proposing Auto-RT, a reinforcement learning framework that automatically explores and optimizes attack strategies, resulting in a 16.63% higher success rate and faster detection speed compared to existing methods.
Automated red-teaming has become a crucial approach for uncovering vulnerabilities in large language models (LLMs). However, most existing methods focus on isolated safety flaws, limiting their ability to adapt to dynamic defenses and uncover complex vulnerabilities efficiently. To address this challenge, we propose Auto-RT, a reinforcement learning framework that automatically explores and optimizes complex attack strategies to effectively uncover security vulnerabilities through malicious queries. Specifically, we introduce two key mechanisms to reduce exploration complexity and improve strategy optimization: 1) Early-terminated Exploration, which accelerate exploration by focusing on high-potential attack strategies; and 2) Progressive Reward Tracking algorithm with intermediate downgrade models, which dynamically refine the search trajectory toward successful vulnerability exploitation. Extensive experiments across diverse LLMs demonstrate that, by significantly improving exploration efficiency and automatically optimizing attack strategies, Auto-RT detects a boarder range of vulnerabilities, achieving a faster detection speed and 16.63\% higher success rates compared to existing methods.