← Back to Model Beat
4Policy·Apr 17

AutoRAN: Automated Hijacking of Safety Reasoning in Large Reasoning Models

arXiv:2505.10846v3 Announce Type: replace Abstract: This paper presents AutoRAN, the first framework to automate the hijacking of internal safety reasoning in large reasoning models (LRMs). At its core, AutoRAN pioneers an execution simulation paradigm that leverages a weaker but less-aligned model to simulate execution reasoning for initial hijacking attempts and iteratively refine attacks by exploiting reasoning patterns leaked through the target LRM's refusals. This approach steers the target model to bypass its own safety guardrails and elaborate on harmful instructions. We evaluate AutoRAN against state-of-the-art LRMs, including GPT-o3/o4-mini and Gemini-2.5-Flash, across multiple benchmarks (AdvBench, HarmBench, and StrongReject). Results show that AutoRAN achieves approaching 100% success rate within one or few turns, effectively neutralizing reasoning-based defenses even when evaluated by robustly aligned external models. This work reveals that the transparency of the reasoning process itself creates a critical and exploitable attack surface, highlighting the urgent need for new defenses that protect…

Covered by 1 source

  • AarXiv CS.AIJiacheng Liang, Tanqiu Jiang, Yuhui Wang, Rongyi Zhu, Fenglong Ma, Ting WangApr 17

Related stories

PolicyMaking AI operational in constrained public sector environmentsApr 16PolicyThe Specification Trap: Why Static Value Alignment Alone Is Insufficient for Robust AlignmentApr 17PolicyGoogle Told to Share Search Data With AI Rivals in EU ProposalApr 16PolicyUK AI Minister Hits Back at OpenAI for Pausing Stargate ProjectApr 16