Auto-RT: Automatic Jailbreak Strategy Exploration for Red-Teaming Large Language Models
Yanjiang Liu 1,2, Shuhen Zhou 3, Yaojie Lu 1, Huijia Zhu 3, Weiqiang Wang 3, Hongyu Lin 1, Ben He 1,2, Xianpei Han 1, Le Sun 1
Published on arXiv
2501.01830
Prompt Injection
OWASP LLM Top 10 — LLM01
Key Finding
Auto-RT achieves 16.63% higher jailbreak success rates and faster vulnerability detection compared to existing automated red-teaming methods across diverse LLMs.
Auto-RT
Novel technique introduced
Automated red-teaming has become a crucial approach for uncovering vulnerabilities in large language models (LLMs). However, most existing methods focus on isolated safety flaws, limiting their ability to adapt to dynamic defenses and to uncover complex vulnerabilities efficiently. To address this challenge, we propose Auto-RT, a reinforcement learning framework that automatically explores and optimizes complex attack strategies to effectively uncover security vulnerabilities through malicious queries. Specifically, we introduce two key mechanisms to reduce exploration complexity and improve strategy optimization: 1) Early-terminated Exploration, which accelerates exploration by focusing on high-potential attack strategies; and 2) a Progressive Reward Tracking algorithm with intermediate downgrade models, which dynamically refines the search trajectory toward successful vulnerability exploitation. Extensive experiments across diverse LLMs demonstrate that, by significantly improving exploration efficiency and automatically optimizing attack strategies, Auto-RT detects a broader range of vulnerabilities, achieving a faster detection speed and 16.63% higher success rates compared to existing methods.
Key Contributions
- Early-terminated Exploration mechanism that accelerates RL-based search by focusing on high-potential jailbreak strategies
- Progressive Reward Tracking algorithm with intermediate downgrade proxy models to dynamically refine attack trajectories toward successful vulnerability exploitation
- Automated red-teaming framework (Auto-RT) that discovers a broader range of LLM vulnerabilities with 16.63% higher attack success rate than existing methods