From Insight to Exploit: Leveraging LLM Collaboration for Adaptive Adversarial Text Generation
This work addresses the need for systematic self-assessment of LLM robustness in sensitive tasks, representing an incremental improvement by automating adversarial generation without external heuristics.
The authors tackled the problem of assessing LLM robustness against adversarial inputs by introducing Static Deceptor (StaDec) and Dynamic Deceptor (DyDec) frameworks, which generate subtle and natural-looking adversarial examples that preserve semantic similarity while effectively deceiving target LLMs, with attacks showing strong transferability across unknown models.
LLMs can provide substantial zero-shot performance on diverse tasks using a simple task prompt, eliminating the need for training or fine-tuning. However, when applying these models to sensitive tasks, it is crucial to thoroughly assess their robustness against adversarial inputs. In this work, we introduce Static Deceptor (StaDec) and Dynamic Deceptor (DyDec), two innovative attack frameworks designed to systematically generate dynamic and adaptive adversarial examples by leveraging the understanding of the LLMs. We produce subtle and natural-looking adversarial inputs that preserve semantic similarity to the original text while effectively deceiving the target LLM. By utilizing an automated, LLM-driven pipeline, we eliminate the dependence on external heuristics. Our attacks evolve with the advancements in LLMs and demonstrate strong transferability across models unknown to the attacker. Overall, this work provides a systematic approach for the self-assessment of an LLM's robustness. We release our code and data at https://github.com/Shukti042/AdversarialExample.