Beyond Fixed and Dynamic Prompts: Embedded Jailbreak Templates for Advancing LLM Security

As the use of large language models (LLMs) continues to expand, ensuring their safety and robustness has become a critical challenge. In particular, jailbreak attacks that bypass built-in safety mechanisms are increasingly recognized as a tangible threat across industries, driving the need for diverse templates to support red-teaming efforts and strengthen defensive techniques. However, current approaches predominantly rely on two limited strategies: (i) substituting harmful queries into fixed templates, and (ii) having the LLM generate entire templates, which often compromises intent clarity and reproductibility. To address this gap, this paper introduces the Embedded Jailbreak Template, which preserves the structure of existing templates while naturally embedding harmful queries within their context. We further propose a progressive prompt-engineering methodology to ensure template quality and consistency, alongside standardized protocols for generation and evaluation. Together, these contributions provide a benchmark that more accurately reflects real-world usage scenarios and harmful intent, facilitating its application in red-teaming and policy regression testing.

Key Contributions

• Embedded Jailbreak Template (EJT) framework that dynamically integrates harmful queries across broader regions of a template rather than fixed substitution slots, preserving semantic intent and structural diversity
• Progressive prompt-engineering methodology with standardized protocols for EJT generation and quality evaluation (template fidelity, intent preservation, refusal stability)
• Comparative benchmark analysis against fixed and dynamic template methods (including WildJailbreak) demonstrating richer structural diversity and more balanced harmful category coverage

🛡️ Threat Analysis

Details

Similar Papers