Learning-Based Automated Adversarial Red-Teaming for Robustness Evaluation of Large Language Models

TL;DR

This paper introduces a learning-based automated red-teaming framework for large language models, significantly improving vulnerability discovery efficiency and coverage over manual methods.

Contribution

It formulates automated adversarial testing as a structured search problem and combines meta-prompt-guided generation with hierarchical detection for scalable robustness evaluation.

Findings

Identified 47 vulnerabilities, including 21 high-severity failures.

Achieved 3.9 times higher vulnerability discovery rate than manual red-teaming.

Demonstrated superior coverage, efficiency, and reproducibility in robustness evaluation.

Abstract

The increasing deployment of large language models (LLMs) in safety-critical applications raises fundamental challenges in systematically evaluating robustness against adversarial behaviors. Existing red-teaming practices are largely manual and expert-driven, which limits scalability, reproducibility, and coverage in high-dimensional prompt spaces. We formulate automated LLM red-teaming as a structured adversarial search problem and propose a learning-driven framework for scalable vulnerability discovery. The approach combines meta-prompt-guided adversarial prompt generation with a hierarchical execution and detection pipeline, enabling standardized evaluation across six representative threat categories, including reward hacking, deceptive alignment, data exfiltration, sandbagging, inappropriate tool use, and chain-of-thought manipulation. Extensive experiments on GPT-OSS-20B identify 47 vulnerabilities, including 21 high-severity failures and 12 previously undocumented attack patterns. Compared with manual red-teaming under matched query budgets, our method achieves a 3.9$\times$ higher discovery rate with 89\% detection accuracy, demonstrating superior coverage, efficiency, and reproducibility for large-scale robustness evaluation.