Evolving Jailbreaks: Automated Multi-Objective Long-Tail Attacks on Large Language Models

TL;DR

This paper introduces EvoJail, an automated evolutionary framework that systematically discovers long-tail jailbreak attacks on large language models by optimizing attack effectiveness and output perplexity.

Contribution

EvoJail is the first automated, multi-objective evolutionary approach for generating long-tail jailbreak prompts, combining semantic-aware representations with LLM-assisted operators.

Findings

EvoJail discovers diverse, effective jailbreak strategies.

It outperforms handcrafted rule-based methods.

It demonstrates robustness across different attack scenarios.

Abstract

Large Language Models (LLMs) have been widely deployed, especially through free Web-based applications that expose them to diverse user-generated inputs, including those from long-tail distributions such as low-resource languages and encrypted private data. This open-ended exposure increases the risk of jailbreak attacks that undermine model safety alignment. While recent studies have shown that leveraging long-tail distributions can facilitate such jailbreaks, existing approaches largely rely on handcrafted rules, limiting the systematic evaluation of these security and privacy vulnerabilities. In this work, we present EvoJail, an automated framework for discovering long-tail distribution attacks via multi-objective evolutionary search. EvoJail formulates long-tail attack prompt generation as a multi-objective optimization problem that jointly maximizes attack effectiveness and minimizes output perplexity, and introduces a semantic-algorithmic solution representation to capture both high-level semantic intent and low-level structural transformations of encryption-decryption logic. Building upon this representation, EvoJail integrates LLM-assisted operators into a multi-objective evolutionary framework, enabling adaptive and semantically informed mutation and crossover for efficiently exploring a highly structured and open-ended search space. Extensive experiments demonstrate that EvoJail consistently discovers diverse and effective long-tail jailbreak strategies, achieving competitive performance with existing methods in both individual and ensemble level.