English

HAMSA: Hijacking Aligned Compact Models via Stealthy Automation

Computation and Language 2025-08-25 v1

Abstract

Large Language Models (LLMs), especially their compact efficiency-oriented variants, remain susceptible to jailbreak attacks that can elicit harmful outputs despite extensive alignment efforts. Existing adversarial prompt generation techniques often rely on manual engineering or rudimentary obfuscation, producing low-quality or incoherent text that is easily flagged by perplexity-based filters. We present an automated red-teaming framework that evolves semantically meaningful and stealthy jailbreak prompts for aligned compact LLMs. The approach employs a multi-stage evolutionary search, where candidate prompts are iteratively refined using a population-based strategy augmented with temperature-controlled variability to balance exploration and coherence preservation. This enables the systematic discovery of prompts capable of bypassing alignment safeguards while maintaining natural language fluency. We evaluate our method on benchmarks in English (In-The-Wild Jailbreak Prompts on LLMs), and a newly curated Arabic one derived from In-The-Wild Jailbreak Prompts on LLMs and annotated by native Arabic linguists, enabling multilingual assessment.

Keywords

Cite

@article{arxiv.2508.16484,
  title  = {HAMSA: Hijacking Aligned Compact Models via Stealthy Automation},
  author = {Alexey Krylov and Iskander Vagizov and Dmitrii Korzh and Maryam Douiba and Azidine Guezzaz and Vladimir Kokh and Sergey D. Erokhin and Elena V. Tutubalina and Oleg Y. Rogov},
  journal= {arXiv preprint arXiv:2508.16484},
  year   = {2025}
}

Comments

9 pages, 1 figure; article under review

R2 v1 2026-07-01T05:01:53.977Z