Large Language Models (LLMs) remain vulnerable to multi-turn jailbreak attacks. We introduce HarmNet, a modular framework comprising ThoughtNet, a hierarchical semantic network; a feedback-driven Simulator for iterative query refinement; and a Network Traverser for real-time adaptive attack execution. HarmNet systematically explores and refines the adversarial space to uncover stealthy, high-success attack paths. Experiments across closed-source and open-source LLMs show that HarmNet outperforms state-of-the-art methods, achieving higher attack success rates. For example, on Mistral-7B, HarmNet achieves a 99.4% attack success rate, 13.9% higher than the best baseline. Index terms: jailbreak attacks; large language models; adversarial framework; query refinement.
@article{arxiv.2510.18728,
title = {HarmNet: A Framework for Adaptive Multi-Turn Jailbreak Attacks on Large Language Models},
author = {Sidhant Narula and Javad Rafiei Asl and Mohammad Ghasemigol and Eduardo Blanco and Daniel Takabi},
journal= {arXiv preprint arXiv:2510.18728},
year = {2025}
}
Comments
This paper has been accepted for presentation at the Conference on Applied Machine Learning in Information Security (CAMLIS 2025)