English

LLMStinger: Jailbreaking LLMs using RL fine-tuned LLMs

Machine Learning 2026-01-29 v2 Cryptography and Security

Abstract

We introduce LLMStinger, a novel approach that leverages Large Language Models (LLMs) to automatically generate adversarial suffixes for jailbreak attacks. Unlike traditional methods, which require complex prompt engineering or white-box access, LLMStinger uses a reinforcement learning (RL) loop to fine-tune an attacker LLM, generating new suffixes based on existing attacks for harmful questions from the HarmBench benchmark. Our method significantly outperforms existing red-teaming approaches (we compared against 15 of the latest methods), achieving a +57.2% improvement in Attack Success Rate (ASR) on LLaMA2-7B-chat and a +50.3% ASR increase on Claude 2, both models known for their extensive safety measures. Additionally, we achieved a 94.97% ASR on GPT-3.5 and 99.4% on Gemma-2B-it, demonstrating the robustness and adaptability of LLMStinger across open and closed-source models.

Keywords

Cite

@article{arxiv.2411.08862,
  title  = {LLMStinger: Jailbreaking LLMs using RL fine-tuned LLMs},
  author = {Piyush Jha and Arnav Arora and Vijay Ganesh},
  journal= {arXiv preprint arXiv:2411.08862},
  year   = {2026}
}

Comments

Accepted at AAAI 2025

R2 v1 2026-06-28T19:58:43.257Z