Beyond Fixed and Dynamic Prompts: Embedded Jailbreak Templates for Advancing LLM Security

TL;DR

This paper introduces Embedded Jailbreak Templates for large language models, embedding harmful queries within existing templates to improve red-teaming and safety testing, addressing limitations of previous methods.

Contribution

It proposes a novel embedding-based template approach and a systematic methodology for generating and evaluating effective jailbreak prompts.

Findings

Enhanced template realism and effectiveness in bypassing safety measures

Standardized protocols improve reproducibility and evaluation consistency

Benchmark facilitates more accurate testing of LLM safety defenses

Abstract

As the use of large language models (LLMs) continues to expand, ensuring their safety and robustness has become a critical challenge. In particular, jailbreak attacks that bypass built-in safety mechanisms are increasingly recognized as a tangible threat across industries, driving the need for diverse templates to support red-teaming efforts and strengthen defensive techniques. However, current approaches predominantly rely on two limited strategies: (i) substituting harmful queries into fixed templates, and (ii) having the LLM generate entire templates, which often compromises intent clarity and reproductibility. To address this gap, this paper introduces the Embedded Jailbreak Template, which preserves the structure of existing templates while naturally embedding harmful queries within their context. We further propose a progressive prompt-engineering methodology to ensure template quality and consistency, alongside standardized protocols for generation and evaluation. Together, these contributions provide a benchmark that more accurately reflects real-world usage scenarios and harmful intent, facilitating its application in red-teaming and policy regression testing.