Claudini: Autoresearch Discovers State-of-the-Art Adversarial Attack Algorithms for LLMs
Original: arXiv:2603.24511v2 Announce Type: replace-cross
Abstract: Our findings demonstrate that AI agents can autonomously devise new algorithms for attacking Large Language Models (LLMs), pushing the boundaries of white-box jailbreaking and prompt injection assessments. By integrating state-of-the-art agents like Codex and Claude Code into an autoresearch framework, we provided them with access to a repository of over 30 existing techniques and an evaluation script constrained by a specific compute budget. This approach proved highly effective, successfully jailbreaking OpenAI’s GPT-OSS-Safeguard-20B and executing prompt injections on Meta-SecAlign-70B, a model designed for adversarial robustness.
Regarding GPT-OSS-Safeguard, the top method identified by the agents reached an attack success rate (ASR) of up to 80% on CBRN queries, significantly outperforming current techniques, which yield less than 50%. In the case of SecAlign, the agent-discovered strategy achieved a perfect 100% ASR, surpassing the highest previous automated methods, which managed only 82%. Interestingly, these attack methods were crafted on unrelated surrogate models for a random-target token-forcing task, yet they transferred directly and effectively to prompt injection attacks against the adversarially trained model. We also analyzed the evolutionary path of these methods, detailing the specific strategies employed by the agents and their points of failure. Adversarial machine learning has traditionally emphasized that defenses should be tested against attacks specifically designed to counter them; autoresearch automates this essential principle. We contend that this automated evaluation should become the standard baseline for assessing defense mechanisms moving forward.
Source: arXiv Generated at: 2026-06-02 00:00:00 UTC