Salvato in:
Dettagli Bibliografici
Autori principali: Guo, Weiyang, Shi, Zesheng, Li, Zhuo, Wang, Yequan, Liu, Xuebo, Wang, Wenya, Liu, Fangming, Zhang, Min, Li, Jing
Natura: Preprint
Pubblicazione: 2025
Soggetti:
Accesso online:https://arxiv.org/abs/2506.00782
Tags: Aggiungi Tag
Nessun Tag, puoi essere il primo ad aggiungerne!!
_version_ 1866909631740116992
author Guo, Weiyang
Shi, Zesheng
Li, Zhuo
Wang, Yequan
Liu, Xuebo
Wang, Wenya
Liu, Fangming
Zhang, Min
Li, Jing
author_facet Guo, Weiyang
Shi, Zesheng
Li, Zhuo
Wang, Yequan
Liu, Xuebo
Wang, Wenya
Liu, Fangming
Zhang, Min
Li, Jing
contents As large language models (LLMs) grow in power and influence, ensuring their safety and preventing harmful output becomes critical. Automated red teaming serves as a tool to detect security vulnerabilities in LLMs without manual labor. However, most existing methods struggle to balance the effectiveness and diversity of red-team generated attack prompts. To address this challenge, we propose \ourapproach, a novel automated red teaming training framework that utilizes reinforcement learning to explore and generate more effective attack prompts while balancing their diversity. Specifically, it consists of three training stages: (1) Cold Start: The red team model is supervised and fine-tuned on a jailbreak dataset obtained through imitation learning. (2) Warm-up Exploration: The model is trained in jailbreak instruction following and exploration, using diversity and consistency as reward signals. (3) Enhanced Jailbreak: Progressive jailbreak rewards are introduced to gradually enhance the jailbreak performance of the red-team model. Extensive experiments on a variety of LLMs show that \ourapproach effectively balances the diversity and effectiveness of jailbreak prompts compared to existing methods. Our work significantly improves the efficiency of red team exploration and provides a new perspective on automated red teaming.
format Preprint
id arxiv_https___arxiv_org_abs_2506_00782
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Jailbreak-R1: Exploring the Jailbreak Capabilities of LLMs via Reinforcement Learning
Guo, Weiyang
Shi, Zesheng
Li, Zhuo
Wang, Yequan
Liu, Xuebo
Wang, Wenya
Liu, Fangming
Zhang, Min
Li, Jing
Artificial Intelligence
As large language models (LLMs) grow in power and influence, ensuring their safety and preventing harmful output becomes critical. Automated red teaming serves as a tool to detect security vulnerabilities in LLMs without manual labor. However, most existing methods struggle to balance the effectiveness and diversity of red-team generated attack prompts. To address this challenge, we propose \ourapproach, a novel automated red teaming training framework that utilizes reinforcement learning to explore and generate more effective attack prompts while balancing their diversity. Specifically, it consists of three training stages: (1) Cold Start: The red team model is supervised and fine-tuned on a jailbreak dataset obtained through imitation learning. (2) Warm-up Exploration: The model is trained in jailbreak instruction following and exploration, using diversity and consistency as reward signals. (3) Enhanced Jailbreak: Progressive jailbreak rewards are introduced to gradually enhance the jailbreak performance of the red-team model. Extensive experiments on a variety of LLMs show that \ourapproach effectively balances the diversity and effectiveness of jailbreak prompts compared to existing methods. Our work significantly improves the efficiency of red team exploration and provides a new perspective on automated red teaming.
title Jailbreak-R1: Exploring the Jailbreak Capabilities of LLMs via Reinforcement Learning
topic Artificial Intelligence
url https://arxiv.org/abs/2506.00782