Existing AIGT detection evasion methods suffer from high computational overhead and degraded text quality. To address this, we propose the Self-Dressing Attack (SDA)—the first framework enabling large language models to autonomously generate human-like text with high detection resistance. SDA jointly optimizes adversarial feature extraction and retrieval-augmented in-context examples, integrated with controllable prompt engineering, to implicitly guide the model to evade detector-sensitive features—without external fine-tuning or post-processing. Evaluated on three mainstream LLM-generated text corpora, SDA reduces the average detection accuracy of six state-of-the-art AIGT detectors by up to 42.7%, while preserving linguistic fluency, semantic fidelity, and lexical diversity. This work establishes a new benchmark for evaluating AIGT detection robustness and introduces a practical, lightweight adversarial paradigm grounded in prompt-based, self-supervised evasion.

AI-generated text (AIGT) detection evasion aims to reduce the detection probability of AIGT, helping to identify weaknesses in detectors and enhance their effectiveness and reliability in practical applications. Although existing evasion methods perform well, they suffer from high computational costs and text quality degradation. To address these challenges, we propose Self-Disguise Attack (SDA), a novel approach that enables Large Language Models (LLM) to actively disguise its output, reducing the likelihood of detection by classifiers. The SDA comprises two main components: the adversarial feature extractor and the retrieval-based context examples optimizer. The former generates disguise features that enable LLMs to understand how to produce more human-like text. The latter retrieves the most relevant examples from an external knowledge base as in-context examples, further enhancing the self-disguise ability of LLMs and mitigating the impact of the disguise process on the diversity of the generated text. The SDA directly employs prompts containing disguise features and optimized context examples to guide the LLM in generating detection-resistant text, thereby reducing resource consumption. Experimental results demonstrate that the SDA effectively reduces the average detection accuracy of various AIGT detectors across texts generated by three different LLMs, while maintaining the quality of AIGT.