Auto-RT: Automatic Jailbreak Strategy Exploration for Red-Teaming Large Language Models

TL;DR

Auto-RT is a reinforcement learning framework that automatically explores and optimizes complex attack strategies to efficiently uncover security vulnerabilities in large language models, surpassing existing methods in speed and success rate.

Contribution

The paper introduces Auto-RT, a novel RL-based approach with innovative exploration and reward mechanisms for more effective red-teaming of LLMs.

Findings

Achieves 16.63% higher success rate than existing methods.

Detects a broader range of vulnerabilities.

Faster detection speed in diverse LLMs.

Abstract

Automated red-teaming has become a crucial approach for uncovering vulnerabilities in large language models (LLMs). However, most existing methods focus on isolated safety flaws, limiting their ability to adapt to dynamic defenses and uncover complex vulnerabilities efficiently. To address this challenge, we propose Auto-RT, a reinforcement learning framework that automatically explores and optimizes complex attack strategies to effectively uncover security vulnerabilities through malicious queries. Specifically, we introduce two key mechanisms to reduce exploration complexity and improve strategy optimization: 1) Early-terminated Exploration, which accelerate exploration by focusing on high-potential attack strategies; and 2) Progressive Reward Tracking algorithm with intermediate downgrade models, which dynamically refine the search trajectory toward successful vulnerability exploitation. Extensive experiments across diverse LLMs demonstrate that, by significantly improving exploration efficiency and automatically optimizing attack strategies, Auto-RT detects a boarder range of vulnerabilities, achieving a faster detection speed and 16.63\% higher success rates compared to existing methods.