Title: VERA: A Variational Inference Approach to Jailbreaking Large Language Models

Abstract:

As access to state-of-the-art Large Language Models (LLMs) becomes increasingly restricted to API-only interfaces, there is a growing demand for robust black-box jailbreak techniques capable of exposing model vulnerabilities in practical scenarios. Current methods largely depend on genetic algorithms due to the absence of a principled objective for gradient-based optimization. However, these genetic approaches suffer from significant limitations, including sensitivity to initialization, reliance on manually selected prompt pools, and the need for separate optimization processes for each individual prompt. Consequently, they fail to offer a holistic understanding of model weaknesses.

To bridge this gap, we present VERA (Variational infErence fRamework for jAilbreaking). VERA reframes black-box jailbreak prompting as a variational inference challenge. It employs a compact attacker LLM to learn an approximation of the target LLM’s posterior distribution over adversarial prompts. After the training phase, the attacker model is capable of producing varied and coherent jailbreak prompts for any given target query without requiring further optimization. Our experiments demonstrate that VERA delivers impressive results across multiple target LLMs, underscoring the effectiveness of probabilistic inference in the generation of adversarial prompts.

Source: arXiv Generated at: 2026-06-02 00:00:00 UTC