Automated Red-Teaming Framework for Large Language Model Security Assessment: A Comprehensive Attack Generation and Detection System
Zhang Wei, Peilu Hu, Shengning Lang, Hao Yan, Li Mei, Yichao Zhang, Chen Yang, Junfeng Hao, Zhimo Han
TL;DR
The paper addresses the scalability gap in LLM security assessment by introducing an automated red-teaming framework that autonomously generates adversarial prompts via meta-prompting, detects vulnerabilities using multi-modal analysis, and evaluates findings through standardized protocols across six threat categories. It demonstrates substantial improvements in vulnerability discovery (47 total, including 21 high-severity and 12 novel) and detection accuracy (89%), achieving a 3.9× efficiency gain over manual testing. The framework's modular architecture, ablation insights, and case studies illustrate its capability to systematically probe LLMs like GPT-OSS-20B while exposing trade-offs between defense robustness and operational overhead. These results advance scalable, reproducible AI safety evaluations and provide actionable guidance for strengthening alignment and security in real-world deployments.
Abstract
As large language models (LLMs) are increasingly deployed in high-stakes domains, ensuring their security and alignment has become a critical challenge. Existing red-teaming practices depend heavily on manual testing, which limits scalability and fails to comprehensively cover the vast space of potential adversarial behaviors. This paper introduces an automated red-teaming framework that systematically generates, executes, and evaluates adversarial prompts to uncover security vulnerabilities in LLMs. Our framework integrates meta-prompting-based attack synthesis, multi-modal vulnerability detection, and standardized evaluation protocols spanning six major threat categories -- reward hacking, deceptive alignment, data exfiltration, sandbagging, inappropriate tool use, and chain-of-thought manipulation. Experiments on the GPT-OSS-20B model reveal 47 distinct vulnerabilities, including 21 high-severity and 12 novel attack patterns, achieving a $3.9\times$ improvement in vulnerability discovery rate over manual expert testing while maintaining 89\% detection accuracy. These results demonstrate the framework's effectiveness in enabling scalable, systematic, and reproducible AI safety evaluations. By providing actionable insights for improving alignment robustness, this work advances the state of automated LLM red-teaming and contributes to the broader goal of building secure and trustworthy AI systems.
