As the use of large language models (LLMs) continues to expand, ensuring their safety and robustness has become a critical challenge. In particular, jailbreak attacks that bypass built-in safety mechanisms are increasingly recognized as a tangible threat across industries, driving the need for diverse templates to support red-teaming efforts and strengthen defensive techniques. However, current approaches predominantly rely on two limited strategies: (i) substituting harmful queries into fixed templates, and (ii) having the LLM generate entire templates, which often compromises intent clarity and reproductibility. To address this gap, this paper introduces the Embedded Jailbreak Template, which preserves the structure of existing templates while naturally embedding harmful queries within their context. We further propose a progressive prompt-engineering methodology to ensure template quality and consistency, alongside standardized protocols for generation and evaluation. Together, these contributions provide a benchmark that more accurately reflects real-world usage scenarios and harmful intent, facilitating its application in red-teaming and policy regression testing.

翻译：随着大语言模型（LLMs）应用范围的持续扩大，确保其安全性与鲁棒性已成为一项关键挑战。特别是，能够绕过内置安全机制的越狱攻击日益被视为跨行业领域中的切实威胁，这推动了对多样化模板的需求，以支持红队测试工作并强化防御技术。然而，当前方法主要依赖于两种有限策略：（i）将有害查询替换到固定模板中，以及（ii）让LLM生成完整模板，这通常会损害意图清晰度与可复现性。为弥补这一不足，本文引入了嵌入式越狱模板，该模板在保留现有模板结构的同时，将有害查询自然地嵌入其上下文中。我们进一步提出了一种渐进式提示工程方法，以确保模板质量与一致性，并辅以标准化的生成与评估协议。这些贡献共同提供了一个能更准确反映实际使用场景与有害意图的基准，促进了其在红队测试与策略回归测试中的应用。