English

SeqAR: Jailbreak LLMs with Sequential Auto-Generated Characters

Cryptography and Security 2025-03-04 v2 Artificial Intelligence Computation and Language

Abstract

The widespread applications of large language models (LLMs) have brought about concerns regarding their potential misuse. Although aligned with human preference data before release, LLMs remain vulnerable to various malicious attacks. In this paper, we adopt a red-teaming strategy to enhance LLM safety and introduce SeqAR, a simple yet effective framework to design jailbreak prompts automatically. The SeqAR framework generates and optimizes multiple jailbreak characters and then applies sequential jailbreak characters in a single query to bypass the guardrails of the target LLM. Different from previous work which relies on proprietary LLMs or seed jailbreak templates crafted by human expertise, SeqAR can generate and optimize the jailbreak prompt in a cold-start scenario using open-sourced LLMs without any seed jailbreak templates. Experimental results show that SeqAR achieves attack success rates of 88% and 60% in bypassing the safety alignment of GPT-3.5-1106 and GPT-4, respectively. Furthermore, we extensively evaluate the transferability of the generated templates across different LLMs and held-out malicious requests, while also exploring defense strategies against the jailbreak attack designed by SeqAR.

Keywords

Cite

@article{arxiv.2407.01902,
  title  = {SeqAR: Jailbreak LLMs with Sequential Auto-Generated Characters},
  author = {Yan Yang and Zeguan Xiao and Xin Lu and Hongru Wang and Xuetao Wei and Hailiang Huang and Guanhua Chen and Yun Chen},
  journal= {arXiv preprint arXiv:2407.01902},
  year   = {2025}
}

Comments

Accepted by NAACL 2025

R2 v1 2026-06-28T17:25:55.098Z