← Back to Library

TreeTeaming: Autonomous Red-Teaming of Vision-Language Models via Hierarchical Strategy Exploration

Authors: Chunxiao Li, Lijun Li, Jing Shao

Published: 2026-03-24

arXiv ID: 2603.22882v1

Added to Library: 2026-03-25 02:01 UTC

Red Teaming

📄 Abstract

The rapid advancement of Vision-Language Models (VLMs) has brought their safety vulnerabilities into sharp focus. However, existing red teaming methods are fundamentally constrained by an inherent linear exploration paradigm, confining them to optimizing within a predefined strategy set and preventing the discovery of novel, diverse exploits. To transcend this limitation, we introduce TreeTeaming, an automated red teaming framework that reframes strategy exploration from static testing to a dynamic, evolutionary discovery process. At its core lies a strategic Orchestrator, powered by a Large Language Model (LLM), which autonomously decides whether to evolve promising attack paths or explore diverse strategic branches, thereby dynamically constructing and expanding a strategy tree. A multimodal actuator is then tasked with executing these complex strategies. In the experiments across 12 prominent VLMs, TreeTeaming achieves state-of-the-art attack success rates on 11 models, outperforming existing methods and reaching up to 87.60\% on GPT-4o. The framework also demonstrates superior strategic diversity over the union of previously public jailbreak strategies. Furthermore, the generated attacks exhibit an average toxicity reduction of 23.09\%, showcasing their stealth and subtlety. Our work introduces a new paradigm for automated vulnerability discovery, underscoring the necessity of proactive exploration beyond static heuristics to secure frontier AI models.

🔍 Key Points

  • Introduction of TreeTeaming, an automated red-teaming framework that transitions from static to dynamic strategy exploration of Vision-Language Models (VLMs).
  • Evidence of TreeTeaming's superior performance, achieving state-of-the-art attack success rates (ASR) on 11 out of 12 evaluated VLMs, with a maximum ASR of 87.60% on GPT-4o.
  • The framework promotes strategic diversity, producing a set of attacks that exhibit a 23.09% reduction in toxicity compared to existing methods.
  • TreeTeaming discovers novel attack strategies beyond previously known techniques, leveraging a hierarchical strategy tree to systematically explore the attack landscape.
  • The experimental results demonstrate the effectiveness of TreeTeaming to uncover vulnerabilities in VLMs, which is critical for improving AI safety and robustness.

💡 Why This Paper Matters

The paper introduces a significant step forward in automated red teaming for VLMs, providing a framework that enhances the exploration and exploitation of potential vulnerabilities. Its ability to achieve high attack success rates while maintaining diversity in strategies makes it a pivotal contribution to the field of AI safety research. This work lays important groundwork for future explorations into securing advanced VLMs against more sophisticated adversarial attacks.

🎯 Why It's Interesting for AI Security Researchers

This paper is of great interest to AI security researchers as it addresses the growing safety concerns associated with emerging Vision-Language Models. The introduction of TreeTeaming not only aids in identifying safety gaps in these models but also provides insights into dynamic exploration strategies that can be employed to enhance model robustness and resilience against adversarial threats. As AI systems continue to integrate into various applications, understanding and mitigating the risks associated with their vulnerabilities becomes paramount.

📚 Read the Full Paper

📄 View on arXiv 📎 Download PDF