Jailbreak Foundry: From Papers to Runnable Attacks for Reproducible Benchmarking

TL;DR

Jailbreak Foundry (JBF) is a system that converts jailbreak research papers into executable modules, enabling standardized, reproducible, and scalable evaluation of attack success rates against large language models.

Contribution

JBF introduces a multi-agent workflow and shared infrastructure to translate jailbreak papers into runnable modules, streamlining reproducibility and comparison across attacks.

Findings

High fidelity reproduction of 30 attacks with minimal success rate deviation

Reduces implementation code by nearly half compared to original repositories

Enables standardized evaluation across multiple models with GPT-4o judge

Abstract

Jailbreak techniques for large language models (LLMs) evolve faster than benchmarks, making robustness estimates stale and difficult to compare across papers due to drift in datasets, harnesses, and judging protocols. We introduce JAILBREAK FOUNDRY (JBF), a system that addresses this gap via a multi-agent workflow to translate jailbreak papers into executable modules for immediate evaluation within a unified harness. JBF features three core components: (i) JBF-LIB for shared contracts and reusable utilities; (ii) JBF-FORGE for the multi-agent paper-to-module translation; and (iii) JBF-EVAL for standardizing evaluations. Across 30 reproduced attacks, JBF achieves high fidelity with a mean (reproduced-reported) attack success rate (ASR) deviation of +0.26 percentage points. By leveraging shared infrastructure, JBF reduces attack-specific implementation code by nearly half relative to original repositories and achieves an 82.5% mean reused-code ratio. This system enables a standardized AdvBench evaluation of all 30 attacks across 10 victim models using a consistent GPT-4o judge. By automating both attack integration and standardized evaluation, JBF offers a scalable solution for creating living benchmarks that keep pace with the rapidly shifting security landscape.