Challenge: Large Language Models (LLMs) have remarkable capabilities but are vulnerable to adversarial “jailbreak” attacks designed to bypass safety guardrails.
Approach: They propose to empower a large language model to be its own red teamer . safety self-play allows the model to act as both the Attacker and Defender .
Outcome: The proposed approach outperforms baselines trained on static adversarial datasets and establishes a new benchmark for proactive safety alignment.

Similar Papers

TriPlay-RL: Tri-Role Self-Play Reinforcement Learning for LLM Safety Alignment (2026.acl-long)

Copied to clipboard

Challenge: Existing approaches to safety alignment of large language models rely on costly manual annotations or human review.
Approach: They propose a closed-loop reinforcement learning framework called TriPlay-RL that enables iterative collaboration among three roles with near-zero manual annotation.
Outcome: The proposed framework achieves 20%–50% improvement in adversarial effectiveness while preserving high output diversity while achieving 10%–30% gains in safety performance without degrading general reasoning capability.
MART: Improving LLM Safety with Multi-round Automatic Red-Teaming (2024.naacl-long)

Copied to clipboard

Challenge: Existing red-teaming methods for large language models often discover safety risks without addressing them.
Approach: They propose a multi-round automatic red-teaming method that incorporates both adversarial prompt writing and safe response generation.
Outcome: The proposed method significantly increases red-teaming scalability and the safety of the target LLM.
MTSA: Multi-turn Safety Alignment for LLMs through Multi-round Red-teaming (2025.acl-long)

Copied to clipboard

Challenge: Existing jailbreak techniques rely on single-round interactions, pro-Corresponding author.
Approach: They propose a multi-turn safety alignment framework to address the challenge of securing large language models in multi-round interactions.
Outcome: The proposed framework exhibits state-of-the-art attack capabilities while improving safety performance on safety benchmarks.
Thinking Twice Makes Large Language Models Safer and More Helpful (2026.findings-acl)

Copied to clipboard

Challenge: Existing safety alignment techniques for large language models (LLMs) struggle to balance harmlessness and usefulness.
Approach: They propose a safety-aware reflection-based reasoning framework that internalizes self-reflective reasoning and encourages reflection and correction.
Outcome: The proposed framework outperforms reasoning-based alignment methods in safety alignment.
MUSE: MCTS-Driven Red Teaming Framework for Enhanced Multi-Turn Dialogue Safety in Large Language Models (2025.emnlp-main)

Copied to clipboard

Challenge: Existing defenses target single-turn attacks, but real-world usage involves multi-turn dialogues, exposing models to attacks that exploit conversational context to bypass safety measures.
Approach: They propose a framework that tackles multi-turn jailbreaks from both attack and defense angles.
Outcome: Experiments on large language models show that MUSE effectively mitigates multi-turn jailbreaks.
RedCoder: Automated Multi-Turn Red Teaming for Code LLMs (2026.acl-long)

Copied to clipboard

Challenge: Existing red-teaming approaches for code generation rely on extensive human effort and are prone to generating malicious code under adversarial environments.
Approach: They propose a red-teaming agent that engages victim models in multi-turn conversations to elicit vulnerable code.
Outcome: Experiments show that RedCoder outperforms red-teaming methods in inducing vulnerabilities in code generation.
When Prompt Optimization Becomes Jailbreaking: Adaptive Red-Teaming of Large Language Models (2026.eacl-srw)

Copied to clipboard

Challenge: Existing safety evaluations rely on fixed collections of harmful prompts . such attacks span single-shot prompts, multi-turn interactions, cross-lingual settings .
Approach: They propose to use black-box prompt optimization techniques to search for safety failures . they use GPT-5.1 to optimize for a continuous danger score .
Outcome: The proposed approach reduces effective safeguards for large language models . the average danger score of Qwen 3 8B increases from 0.09 in its baseline setting to 0.79 after optimization.
SELF-GUARD: Empower the LLM to Safeguard Itself (2024.naacl-long)

Copied to clipboard

Challenge: Recent studies have investigated methods to improve the safety of large language models (LLMs) safety training involves fine-tuning the LLM with adversarial samples, which activate the LRM’s capabilities against jailbreak.
Approach: They propose a safety training approach that integrates safety training and safeguards to train the LLM to perform harmfulness detection on its own outputs.
Outcome: The proposed method reduces harmful output and adds a [harmful] or [harmless] tag to the end of the LLM's response.
Why Not Act on What You Know? Unleashing Safety Potential of LLMs via Self-Aware Guard Enhancement (2025.findings-acl)

Copied to clipboard

Challenge: Large Language Models (LLMs) have demonstrated impressive capabilities across various tasks but are vulnerable to meticulously crafted jailbreak attacks.
Approach: They propose a training-free defense strategy to align LLMs’ strong safety discrimination performance with their relatively weaker safety generation ability.
Outcome: The proposed strategy achieves an average 99% success rate against numerous complex and covert jailbreak methods while maintaining helpfulness on general benchmarks.
Defending Against Alignment-Breaking Attacks via Robustly Aligned LLM (2024.acl-long)

Copied to clipboard

Challenge: Large Language Models (LLMs) have made significant advancements but can be misused to generate harmful content.
Approach: They propose a Robustly Aligned LLM to defend against alignment-breaking attacks by retraining existing LLMs and using adversarial or handcrafted jailbreaking prompts.
Outcome: The proposed model reduces attack success rates from nearly 100% to around 10% or less.

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations