Large Language Models (LLMs) exhibit remarkable capabilities but are susceptible to adversarial prompts that exploit vulnerabilities to produce unsafe or biased outputs. Existing red-teaming methods often face scalability challenges, resource-intensive requirements, or limited diversity in attack strategies. We propose RainbowPlus, a novel red-teaming framework rooted in evolutionary computation, enhancing adversarial prompt generation through an adaptive quality-diversity (QD) search that extends classical evolutionary algorithms like MAP-Elites with innovations tailored for language models. By employing a multi-element archive to store diverse high-quality prompts and a comprehensive fitness function to evaluate multiple prompts concurrently, RainbowPlus overcomes the constraints of single-prompt archives and pairwise comparisons in prior QD methods like Rainbow Teaming. Experiments comparing RainbowPlus to QD methods across six benchmark datasets and four open-source LLMs demonstrate superior attack success rate (ASR) and diversity (Diverse-Score $\approx 0.84$), generating up to 100 times more unique prompts (e.g., 10,418 vs. 100 for Ministral-8B-Instruct-2410). Against nine state-of-the-art methods on the HarmBench dataset with twelve LLMs (ten open-source, two closed-source), RainbowPlus achieves an average ASR of 81.1%, surpassing AutoDAN-Turbo by 3.9%, and is 9 times faster (1.45 vs. 13.50 hours). Our open-source implementation fosters further advancements in LLM safety, offering a scalable tool for vulnerability assessment. Code and resources are publicly available at https://github.com/knoveleng/rainbowplus, supporting reproducibility and future research in LLM red-teaming.

翻译：大型语言模型（LLMs）展现出卓越的能力，但易受对抗性提示攻击，这些提示利用模型漏洞产生不安全或有偏见的输出。现有的红队方法常面临可扩展性挑战、资源密集需求或攻击策略多样性有限的问题。我们提出RainbowPlus，一种基于演化计算的新型红队框架，通过自适应质量-多样性（QD）搜索增强对抗性提示生成。该框架扩展了MAP-Elites等经典演化算法，并针对语言模型进行了专门创新。通过采用多元素档案存储多样化高质量提示，以及使用综合适应度函数并行评估多个提示，RainbowPlus克服了Rainbow Teaming等先前QD方法中单提示档案和成对比较的限制。在六个基准数据集和四个开源LLMs上对比RainbowPlus与QD方法的实验表明，其具有更优的攻击成功率（ASR）和多样性（Diverse-Score $\approx 0.84$），生成的独特提示数量最多可达100倍（例如，Ministral-8B-Instruct-2410模型上生成10,418个对比100个）。在HarmBench数据集上针对十二个LLMs（十个开源，两个闭源）与九种前沿方法对比，RainbowPlus实现了81.1%的平均ASR，超过AutoDAN-Turbo 3.9%，且速度快9倍（1.45小时对比13.50小时）。我们的开源实现促进了LLM安全领域的进一步发展，为漏洞评估提供了可扩展工具。代码与资源公开于https://github.com/knoveleng/rainbowplus，支持LLM红队研究的可复现性与未来探索。