Large language models (LLMs) remain vulnerable to sophisticated prompt engineering attacks that exploit contextual framing to bypass safety mechanisms, posing significant risks in cybersecurity applications. We introduce Jailbreak Mimicry, a systematic methodology for training compact attacker models to automatically generate narrative-based jailbreak prompts in a one-shot manner. Our approach transforms adversarial prompt discovery from manual craftsmanship into a reproducible scientific process, enabling proactive vulnerability assessment in AI-driven security systems. Developed for the OpenAI GPT-OSS-20B Red-Teaming Challenge, we use parameter-efficient fine-tuning (LoRA) on Mistral-7B with a curated dataset derived from AdvBench, achieving an 81.0% Attack Success Rate (ASR) against GPT-OSS-20B on a held-out test set of 200 items. Cross-model evaluation reveals significant variation in vulnerability patterns: our attacks achieve 66.5% ASR against GPT-4, 79.5% on Llama-3 and 33.0% against Gemini 2.5 Flash, demonstrating both broad applicability and model-specific defensive strengths in cybersecurity contexts. This represents a 54x improvement over direct prompting (1.5% ASR) and demonstrates systematic vulnerabilities in current safety alignment approaches. Our analysis reveals that technical domains (Cybersecurity: 93% ASR) and deception-based attacks (Fraud: 87.8% ASR) are particularly vulnerable, highlighting threats to AI-integrated threat detection, malware analysis, and secure systems, while physical harm categories show greater resistance (55.6% ASR). We employ automated harmfulness evaluation using Claude Sonnet 4, cross-validated with human expert assessment, ensuring reliable and scalable evaluation for cybersecurity red-teaming. Finally, we analyze failure mechanisms and discuss defensive strategies to mitigate these vulnerabilities in AI for cybersecurity.

翻译：大型语言模型（LLMs）仍然容易受到利用上下文框架绕过安全机制的复杂提示工程攻击，这在网络安全应用中构成重大风险。我们提出“越狱模拟”，一种系统化方法，通过训练紧凑的攻击者模型以单样本方式自动生成基于叙事的越狱提示。我们的方法将对抗性提示发现从手工制作转变为可复现的科学过程，从而实现对人工智能驱动安全系统的主动漏洞评估。该方法为OpenAI GPT-OSS-20B红队挑战赛开发，我们在Mistral-7B模型上使用参数高效微调（LoRA）技术，并利用源自AdvBench的精选数据集进行训练，在包含200个项目的保留测试集上对GPT-OSS-20B实现了81.0%的攻击成功率（ASR）。跨模型评估揭示了漏洞模式的显著差异：我们的攻击对GPT-4达到66.5% ASR，对Llama-3达到79.5% ASR，对Gemini 2.5 Flash达到33.0% ASR，这既证明了方法的广泛适用性，也揭示了网络安全背景下模型特定的防御优势。相较于直接提示（1.5% ASR），该方法实现了54倍的性能提升，并证明了当前安全对齐方法存在系统性漏洞。我们的分析表明，技术领域（网络安全：93% ASR）和基于欺骗的攻击（欺诈：87.8% ASR）尤其脆弱，突显了其对人工智能集成威胁检测、恶意软件分析和安全系统的威胁，而物理伤害类别则表现出更强的抵抗力（55.6% ASR）。我们采用Claude Sonnet 4进行自动化危害性评估，并与人类专家评估进行交叉验证，从而确保网络安全红队测试的可靠且可扩展的评估。最后，我们分析了失败机制，并讨论了在网络安全人工智能中缓解这些漏洞的防御策略。