Adversarial Reframing: A Framework for Targeted Generation in Language Models
For LLM safety researchers, this reveals previously undetected vulnerabilities in aligned models and provides a practical tool for proactive safety testing.
THREAT is a multi-LLM framework that discovers jailbreak prompts for LLMs, achieving higher attack success rates with lower computational cost than prior methods, while evading safety filters in over 99% of cases.
Large Language Models (LLMs) are widely deployed in diverse real-world settings, yet remain vulnerable to jailbreaking, where prompt-based attacks bypass safety filters. We present THREAT (Targeted Harmful generation via Reframing and Exploitation of Adversarial Tactics), a reasoning-driven framework that coordinates multiple LLMs in an iterative search loop to find textual jailbreak prompts. We formulate prompt discovery as a nonconvex optimization problem and provide an efficient solution that lowers runtime and improves attack effectiveness. Across diverse datasets and model architectures, THREAT delivers higher attack success rates with lower computational cost than prior methods. The crafted prompts were flagged as harmful in fewer than 1% of cases, compared with about 50% refusals for the corresponding unmodified prompts. These findings reveal previously undetected vulnerabilities in aligned LLMs and position THREAT as a practical tool for proactively strengthening the safety of foundation models.