defense 2026

MAGIC: A Co-Evolving Attacker-Defender Adversarial Game for Robust LLM Safety

Xiaoyu Wen 1,2, Zhida He 1, Han Qi 1, Ziyu Wan 2, Zhongtian Ma 1, Ying Wen 2, Tianhang Zheng 3, Xingcheng Xu 1, Chaochao Lu 1, Qiaosheng Zhang 1

1 Shanghai AI Laboratory

2 Shanghai Jiao Tong University

3 Zhejiang University

0 citations · 74 references · arXiv (Cornell University)
α

Published on arXiv

2602.01539

Prompt Injection

OWASP LLM Top 10 — LLM01

Key Finding

MAGIC achieves superior defense success rates against adaptive multi-turn jailbreak attacks while preserving model helpfulness, with the attacker co-evolving novel combinatorial attack strategies through iterative RL training

MAGIC

Novel technique introduced

Ensuring robust safety alignment is crucial for Large Language Models (LLMs), yet existing defenses often lag behind evolving adversarial attacks due to their \textbf{reliance on static, pre-collected data distributions}. In this paper, we introduce \textbf{MAGIC}, a novel multi-turn multi-agent reinforcement learning framework that formulates LLM safety alignment as an adversarial asymmetric game. Specifically, an attacker agent learns to iteratively rewrite original queries into deceptive prompts, while a defender agent simultaneously optimizes its policy to recognize and refuse such inputs. This dynamic process triggers a \textbf{co-evolution}, where the attacker's ever-changing strategies continuously uncover long-tail vulnerabilities, driving the defender to generalize to unseen attack patterns. Remarkably, we observe that the attacker, endowed with initial reasoning ability, evolves \textbf{novel, previously unseen combinatorial strategies} through iterative RL training, underscoring our method's substantial potential. Theoretically, we provide insights into a more robust game equilibrium and derive safety guarantees. Extensive experiments validate our framework's effectiveness, demonstrating superior defense success rates without compromising the helpfulness of the model. Our code is available at https://github.com/BattleWen/MAGIC.

Key Contributions

  • Asymmetric multi-agent RL framework (MAGIC) that decouples attacker and defender LLM agents to co-evolve without gradient conflicts, guided by Subgame Perfect Nash Equilibrium theory
  • Attack Pool Benchmark with 20 diverse CoT rewriting strategies to bootstrap attacker offensive reasoning and enable long-tail vulnerability exploration beyond static red-teaming datasets
  • Empirical demonstration that adversarial co-evolution produces novel, compositional jailbreak strategies not present in human-crafted templates, while improving defender generalization to unseen attacks

🛡️ Threat Analysis

Details

Domains
nlpreinforcement-learning
Model Types
llmrl
Threat Tags
inference_timeblack_box
Applications
llm safety alignmentautomated red-teamingjailbreak defense
Read PDF arXiv DOI Code

Similar Papers

defense

Adversarial Reinforcement Learning for Large Language Model Agent Safety

2025 3 cit.
92%
defense

TriPlay-RL: Tri-Role Self-Play Reinforcement Learning for LLM Safety Alignment

2026 0 cit.
86%
attack

Automatic LLM Red Teaming

2025 0 cit.
85%
defense

SafeSearch: Do Not Trade Safety for Utility in LLM Search Agents

2025 2 cit.
80%
defense

AdvEvo-MARL: Shaping Internalized Safety through Adversarial Co-Evolution in Multi-Agent Reinforcement Learning

2025 1 cit.
80%
defense

Certifiable Safe RLHF: Fixed-Penalty Constraint Optimization for Safer Language Models

2025 0 cit.
79%
attack

TROJail: Trajectory-Level Optimization for Multi-Turn Large Language Model Jailbreaks with Process Rewards

2025 0 cit.
79%
defense

Be Your Own Red Teamer: Safety Alignment via Self-Play and Reflective Experience Replay

2026 0 cit.
77%