Prompt Optimization and Evaluation for LLM Automated Red Teaming
This work addresses security vulnerabilities in widespread LLM applications, though it appears incremental as it builds on existing automated red teaming frameworks.
The paper tackles the problem of identifying vulnerabilities in LLM applications by introducing a method for optimizing attack generator prompts in automated red teaming, measuring individual attack discoverability through repeated random seeding to reveal exploitable patterns.
Applications that use Large Language Models (LLMs) are becoming widespread, making the identification of system vulnerabilities increasingly important. Automated Red Teaming accelerates this effort by using an LLM to generate and execute attacks against target systems. Attack generators are evaluated using the Attack Success Rate (ASR), the sample mean calculated over the judgment of success for each attack. In this paper, we introduce a method for optimizing attack generator prompts that applies ASR to individual attacks. By repeating each attack multiple times against a randomly seeded target, we measure an attack's discoverability, the expectation of the individual attack success. This approach reveals exploitable patterns that inform prompt optimization, ultimately enabling more robust evaluation and refinement of generators.
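As an added illustration (not code from the paper), the sketch below contrasts generator-level ASR with per-attack discoverability over constructed judge verdicts, showing how two generators with the same ASR can differ in which findings reproduce. The attack ids, verdict data, function names and the Wilson confidence interval are assumptions of this example, not part of the paper's method.

```python
import math

# Constructed judge verdicts (1 = attack judged successful), 10 seeded repetitions each.
# Both generators have the same overall ASR but very different per-attack behaviour.
GEN_A = {"a1": [1] * 10, "a2": [0] * 10, "a3": [0] * 10, "a4": [0] * 10}
GEN_B = {"b1": [1, 0, 0, 1, 0, 0, 0, 1, 0, 0], "b2": [0, 1, 0, 0, 0, 0, 1, 0, 0, 0],
         "b3": [0, 0, 1, 0, 1, 0, 0, 0, 0, 1], "b4": [0, 0, 0, 0, 1, 0, 0, 0, 1, 0]}

def generator_asr(judgments):
    """ASR for a whole generator: sample mean over every judged attempt."""
    flat = [v for verdicts in judgments.values() for v in verdicts]
    return sum(flat) / len(flat)

def wilson_interval(successes, trials, z=1.96):
    """Wilson score interval for a binomial proportion (assumption: 95% level)."""
    p = successes / trials
    denom = 1 + z * z / trials
    centre = (p + z * z / (2 * trials)) / denom
    half = z * math.sqrt(p * (1 - p) / trials + z * z / (4 * trials ** 2)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)

def discoverability(judgments):
    """ASR applied to each attack separately: mean verdict over its repetitions."""
    result = {}
    for attack_id, verdicts in judgments.items():
        k, n = sum(verdicts), len(verdicts)
        result[attack_id] = {"rate": k / n, "ci": wilson_interval(k, n)}
    return result

def reproducible_findings(judgments, floor=0.5):
    """Attacks whose lower confidence bound exceeds `floor`: fix these first."""
    scores = discoverability(judgments)
    return sorted(a for a, s in scores.items() if s["ci"][0] > floor)

if __name__ == "__main__":
    for name, data in (("GEN_A", GEN_A), ("GEN_B", GEN_B)):
        print(name, "ASR:", generator_asr(data))
        for attack_id, s in discoverability(data).items():
            lo, hi = s["ci"]
            print(f"  {attack_id}: rate={s['rate']:.2f} ci=({lo:.2f}, {hi:.2f})")
        print("  reproducible:", reproducible_findings(data))
```

With only ten repetitions per attack the intervals are wide, so the repetition count bounds how finely attacks can be ranked.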