attack 2026

Evolving Jailbreaks: Automated Multi-Objective Long-Tail Attacks on Large Language Models

Wenjing Hong 1, Zhonghua Rong 1, Li Wang 1, Feng Chang 2, Jian Zhu 2, Ke Tang 3, Zexuan Zhu 1, Yew-Soon Ong 4

1 Shenzhen University

2 Brain-Inspired Technology Co.,Ltd

3 Southern University of Science and Technology

4 Nanyang Technological University

0 citations
α

Published on arXiv

2603.20122

Prompt Injection

OWASP LLM Top 10 — LLM01

Key Finding

Achieves competitive attack success rates with existing methods while discovering diverse Pareto-optimal jailbreak strategies through automated evolutionary optimization

EvoJail

Novel technique introduced

Large Language Models (LLMs) have been widely deployed, especially through free Web-based applications that expose them to diverse user-generated inputs, including those from long-tail distributions such as low-resource languages and encrypted private data. This open-ended exposure increases the risk of jailbreak attacks that undermine model safety alignment. While recent studies have shown that leveraging long-tail distributions can facilitate such jailbreaks, existing approaches largely rely on handcrafted rules, limiting the systematic evaluation of these security and privacy vulnerabilities. In this work, we present EvoJail, an automated framework for discovering long-tail distribution attacks via multi-objective evolutionary search. EvoJail formulates long-tail attack prompt generation as a multi-objective optimization problem that jointly maximizes attack effectiveness and minimizes output perplexity, and introduces a semantic-algorithmic solution representation to capture both high-level semantic intent and low-level structural transformations of encryption-decryption logic. Building upon this representation, EvoJail integrates LLM-assisted operators into a multi-objective evolutionary framework, enabling adaptive and semantically informed mutation and crossover for efficiently exploring a highly structured and open-ended search space. Extensive experiments demonstrate that EvoJail consistently discovers diverse and effective long-tail jailbreak strategies, achieving competitive performance with existing methods in both individual and ensemble level.

Key Contributions

  • First automated framework for long-tail distribution jailbreak attacks via multi-objective evolutionary search
  • Semantic-algorithmic representation combining high-level intent with encryption-decryption logic transformations
  • LLM-assisted evolutionary operators (mutation, crossover) for adaptive exploration of structured prompt space

🛡️ Threat Analysis

Details

Domains
nlp
Model Types
llmtransformer
Threat Tags
black_boxinference_timeuntargeted
Applications
chatbotweb-based llm applications
Read PDF arXiv

Similar Papers

attack

ToxSearch: Evolving Prompts for Toxicity Search in Large Language Models

2025 0 cit.
91%
attack

Exposing Long-Tail Safety Failures in Large Language Models through Efficient Diverse Response Sampling

2026 0 cit.
91%
attack

Chain-of-Thought Hijacking

2025 3 cit.
91%
attack

SearchAttack: Red-Teaming LLMs against Knowledge-to-Action Threats under Online Web Search

2026 0 cit.
91%
attack

Special-Character Adversarial Attacks on Open-Source Language Model

2025 0 cit.
91%
attack

Jailbreaking in the Haystack

2025 2 cit.
91%
attack

ICL-EVADER: Zero-Query Black-Box Evasion Attacks on In-Context Learning and Their Defenses

2026 0 cit.
83%
attack

A Simple and Efficient Jailbreak Method Exploiting LLMs' Helpfulness

2025 0 cit.
83%