HAMSA: Hijacking Aligned Compact Models via Stealthy Automation

TL;DR

This paper introduces HAMSA, an automated evolutionary framework that generates stealthy, coherent jailbreak prompts for compact LLMs, revealing vulnerabilities in alignment safeguards across multiple languages.

Contribution

It presents a novel multi-stage evolutionary search method for creating natural, effective jailbreak prompts, advancing automated red-teaming for aligned language models.

Findings

Successfully bypassed alignment safeguards in benchmark tests

Generated prompts maintain high natural language fluency

Demonstrated effectiveness in multilingual settings

Abstract

Large Language Models (LLMs), especially their compact efficiency-oriented variants, remain susceptible to jailbreak attacks that can elicit harmful outputs despite extensive alignment efforts. Existing adversarial prompt generation techniques often rely on manual engineering or rudimentary obfuscation, producing low-quality or incoherent text that is easily flagged by perplexity-based filters. We present an automated red-teaming framework that evolves semantically meaningful and stealthy jailbreak prompts for aligned compact LLMs. The approach employs a multi-stage evolutionary search, where candidate prompts are iteratively refined using a population-based strategy augmented with temperature-controlled variability to balance exploration and coherence preservation. This enables the systematic discovery of prompts capable of bypassing alignment safeguards while maintaining natural language fluency. We evaluate our method on benchmarks in English (In-The-Wild Jailbreak Prompts on LLMs), and a newly curated Arabic one derived from In-The-Wild Jailbreak Prompts on LLMs and annotated by native Arabic linguists, enabling multilingual assessment.