CL Aug 22, 2025

HAMSA: Hijacking Aligned Compact Models via Stealthy Automation

arXiv:2508.16484v12 citations, h-index: 21
Originality: Incremental advance
AI Analysis

The paper addresses security vulnerabilities in aligned compact LLMs, though it is incremental because it builds on existing adversarial prompt generation techniques.

The paper tackles the problem of jailbreak attacks on aligned compact LLMs by developing an automated red-teaming framework that evolves stealthy prompts, achieving systematic bypass of alignment safeguards while maintaining natural language fluency, as evaluated on English and newly curated Arabic benchmarks.

Large Language Models (LLMs), especially their compact efficiency-oriented variants, remain susceptible to jailbreak attacks that can elicit harmful outputs despite extensive alignment efforts. Existing adversarial prompt generation techniques often rely on manual engineering or rudimentary obfuscation, producing low-quality or incoherent text that is easily flagged by perplexity-based filters. We present an automated red-teaming framework that evolves semantically meaningful and stealthy jailbreak prompts for aligned compact LLMs. The approach employs a multi-stage evolutionary search, where candidate prompts are iteratively refined using a population-based strategy augmented with temperature-controlled variability to balance exploration and coherence preservation. This enables the systematic discovery of prompts capable of bypassing alignment safeguards while maintaining natural language fluency. We evaluate our method on benchmarks in English (In-The-Wild Jailbreak Prompts on LLMs), and a newly curated Arabic one derived from In-The-Wild Jailbreak Prompts on LLMs and annotated by native Arabic linguists, enabling multilingual assessment.
