Adversarial Reframing: A Framework for Targeted Generation in Language Models

TL;DR

This paper introduces THREAT, a reasoning-driven framework that efficiently finds textual jailbreak prompts to expose vulnerabilities in large language models, highlighting safety concerns and potential improvements.

Contribution

The paper presents a novel, optimization-based framework for targeted prompt generation that outperforms prior methods in attack success and efficiency.

Findings

Higher attack success rates with lower computational cost.

Crafted harmful prompts flagged in fewer than 1% of cases.

Revealed previously undetected vulnerabilities in aligned LLMs.

Abstract

Large Language Models (LLMs) are widely deployed in diverse real-world settings, yet remain vulnerable to jailbreaking, where prompt-based attacks bypass safety filters. We present THREAT (Targeted Harmful generation via Reframing and Exploitation of Adversarial Tactics), a reasoning-driven framework that coordinates multiple LLMs in an iterative search loop to find textual jailbreak prompts. We formulate prompt discovery as a nonconvex optimization problem and provide an efficient solution that lowers runtime and improves attack effectiveness. Across diverse datasets and model architectures, THREAT delivers higher attack success rates with lower computational cost than prior methods. The crafted prompts were flagged as harmful in fewer than 1% of cases, compared with about 50% refusals for the corresponding unmodified prompts. These findings reveal previously undetected vulnerabilities in aligned LLMs and position THREAT as a practical tool for proactively strengthening the safety of foundation models.