gradient-attack · single-turn · OWASP: LLM01 · MITRE: AML.T0054, AML.T0043.003Exploits gradient information to craft adversarial inputs that steer model outputs toward attacker-controlled targetsRun it:output-classifier-bypass · single-turn · OWASP: LLM01 · MITRE: AML.T0054, AML.T0043.003Instructs the model to format harmful outputs in ways that evade post-generation output safety classifiers and filtersRun it:reward-hacking · single-turn · OWASP: LLM01 · MITRE: AML.T0054, AML.T0043.003Exploits misalignment between proxy reward functions and true objectives to elicit harmful outputs that score highly on RLHF reward modelsRun it:safety-classifier-evasion · single-turn · OWASP: LLM01 · MITRE: AML.T0054, AML.T0043.003Specifically targets and evades safety classifiers deployed as guardrails using adversarial examples crafted against those classifiersRun it:transferable-attack · single-turn · OWASP: LLM01 · MITRE: AML.T0054, AML.T0043.003Attacks crafted on surrogate models that transfer to target black-box models due to shared decision boundariesRun it:universal-adversarial-suffix · single-turn · OWASP: LLM01 · MITRE: AML.T0054, AML.T0043.003Universal transferable suffixes optimized across multiple models to bypass safety alignment on any targetRun it:perturbation-attack · single-turn · OWASP: LLM01 · MITRE: AML.T0054, AML.T0043.003Applies small, imperceptible perturbations to inputs to cause model misclassification or policy bypassRun it:attention-based-attack · single-turn · OWASP: LLM01 · MITRE: AML.T0054, AML.T0043.003Crafts inputs that manipulate attention patterns to suppress safety-relevant context and amplify harmful task signalsRun it:beam-search-attack · single-turn · OWASP: LLM01 · MITRE: AML.T0054, AML.T0043.003Uses beam search to explore token sequences that maximize attack success probability while maintaining fluencyRun it:black-box-optimization · single-turn · OWASP: LLM01 · MITRE: AML.T0054, AML.T0043.003Query-based optimization attack that crafts adversarial prompts without gradient access using only model outputsRun it:character-level-attack · single-turn · OWASP: LLM01 · MITRE: AML.T0054, AML.T0043.003Introduces character-level perturbations such as insertions, deletions, and swaps to evade token-based filtersRun it:constrained-optimization-attack · single-turn · OWASP: LLM01 · MITRE: AML.T0054, AML.T0043.003Solves a constrained optimization problem to find adversarial prompts satisfying fluency and evasion constraints simultaneouslyRun it:embedding-space-attack · single-turn · OWASP: LLM01 · MITRE: AML.T0054, AML.T0043.003Operates directly in embedding space to find minimal perturbations that move inputs across safety decision boundariesRun it:ensemble-attack · single-turn · OWASP: LLM01 · MITRE: AML.T0054, AML.T0043.003Combines multiple attack strategies simultaneously to improve robustness against diverse safety mechanismsRun it:genetic-algorithm-attack · single-turn · OWASP: LLM01 · MITRE: AML.T0054, AML.T0043.003Evolves adversarial prompts through selection, crossover, and mutation to bypass safety filters over generationsRun it:iterative-refinement-attack · single-turn · OWASP: LLM01 · MITRE: AML.T0054, AML.T0043.003Iteratively refines adversarial prompts based on model feedback to progressively improve jailbreak success rateRun it:latent-space-attack · single-turn · OWASP: LLM01 · MITRE: AML.T0054, AML.T0043.003Manipulates the model’s latent representations to steer generation toward harmful outputs via activation steeringRun it:model-specific-attack · single-turn · OWASP: LLM01 · MITRE: AML.T0054, AML.T0043.003Exploits architecture-specific quirks, training artifacts, and known model weaknesses for targeted bypassRun it:paraphrase-attack · single-turn · OWASP: LLM01 · MITRE: AML.T0054, AML.T0043.003Systematically paraphrases harmful requests to evade surface-level safety filters while retaining the harmful objectiveRun it:reinforcement-learning-attack · single-turn · OWASP: LLM01 · MITRE: AML.T0054, AML.T0043.003RL-trained attacker agent that learns prompt strategies maximizing jailbreak reward against safety-trained modelsRun it:semantic-preserving-attack · single-turn · OWASP: LLM01 · MITRE: AML.T0054, AML.T0043.003Transforms prompts to preserve semantic meaning while evading keyword and pattern-based safety classifiersRun it:sentence-level-attack · single-turn · OWASP: LLM01 · MITRE: AML.T0054, AML.T0043.003Inserts or modifies entire sentences to shift model behavior while keeping overall prompt structure benign-lookingRun it:token-level-perturbation · single-turn · OWASP: LLM01 · MITRE: AML.T0054, AML.T0043.003Substitutes tokens at the embedding level to create semantically equivalent but filter-evading adversarial inputsRun it:word-importance-attack · single-turn · OWASP: LLM01 · MITRE: AML.T0054, AML.T0043.003Identifies and perturbs high-importance words in safety filters to minimize classifier confidence on harmful inputsRun it:synonym-substitution-attack · single-turn · OWASP: LLM01 · MITRE: AML.T0054, AML.T0043.003Replaces flagged keywords with synonyms or semantically equivalent terms to bypass lexical safety filtersRun it: