As large language models (LLMs) continue to advance in capability and influence, ensuring their security and preventing harmful outputs has become crucial. A promising approach to address these concerns involves training models to automatically generate adversarial prompts for red teaming. However, the evolving subtlety of vulnerabilities in LLMs challenges the effectiveness of current adversarial methods, which struggle to specifically target and explore the weaknesses of these models. To tackle these challenges, we introduce the $\mathbf{S}\text{elf-}\mathbf{E}\text{volving }\mathbf{A}\text{dversarial }\mathbf{S}\text{afety }\mathbf{(SEAS)}$ optimization framework, which enhances security by leveraging data generated by the model itself. SEAS operates through three iterative stages: Initialization, Attack, and Adversarial Optimization, refining both the Red Team and Target models to improve robustness and safety. This framework reduces reliance on manual testing and significantly enhances the security capabilities of LLMs. Our contributions include a novel adversarial framework, a comprehensive safety dataset, and after three iterations, the Target model achieves a security level comparable to GPT-4, while the Red Team model shows a marked increase in attack success rate (ASR) against advanced models.

翻译：随着大语言模型（LLMs）在能力与影响力上的持续进步，确保其安全性并防止有害输出已变得至关重要。解决这些问题的一个有前景的方法是训练模型自动生成用于红队测试的对抗性提示。然而，大语言模型中漏洞的演进日趋微妙，这对当前对抗方法的有效性构成了挑战，这些方法难以专门针对并探索这些模型的弱点。为了应对这些挑战，我们引入了自演进对抗安全（SEAS）优化框架，该框架通过利用模型自身生成的数据来增强安全性。SEAS通过三个迭代阶段运行：初始化、攻击和对抗优化，从而同时精炼红队模型和目标模型，以提高其鲁棒性和安全性。该框架减少了对人工测试的依赖，并显著提升了大语言模型的安全能力。我们的贡献包括一个新颖的对抗框架、一个全面的安全数据集，以及在三次迭代后，目标模型达到了与GPT-4相当的安全水平，而红队模型在针对先进模型的攻击成功率（ASR）上显示出显著提升。